Vulnerability Description
Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opensuse | Leap | 42.1 |
| Opensuse | Opensuse | 13.2 |
References
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00046.htmlVendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00049.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00050.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00019.html
- https://build.opensuse.org/request/show/361096Patch
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00046.htmlVendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00049.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00050.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00019.html
- https://build.opensuse.org/request/show/361096Patch
FAQ
What is CVE-2016-4007?
CVE-2016-4007 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via ...
How severe is CVE-2016-4007?
CVE-2016-4007 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-4007?
Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Leap, Opensuse Opensuse.