Vulnerability Description
Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sandstorm | Sandstorm | < 0.203 |
Related Weaknesses (CWE)
References
- https://devco.re/blog/2018/01/26/Sandstorm-Security-Review-CVE-2017-6200-en/ExploitThird Party Advisory
- https://github.com/sandstorm-io/sandstorm/blob/v0.202/src/sandstorm/backup.c%2B%Third Party Advisory
- https://github.com/sandstorm-io/sandstorm/commit/4ea8df7403381d9b657b121b3c98d80PatchThird Party Advisory
- https://github.com/sandstorm-io/sandstorm/commit/6e8572ea8bb56d0216bb1b410e5040ePatchThird Party Advisory
- https://sandstorm.io/news/2017-03-02-security-reviewVendor Advisory
- https://devco.re/blog/2018/01/26/Sandstorm-Security-Review-CVE-2017-6200-en/ExploitThird Party Advisory
- https://github.com/sandstorm-io/sandstorm/blob/v0.202/src/sandstorm/backup.c%2B%Third Party Advisory
- https://github.com/sandstorm-io/sandstorm/commit/4ea8df7403381d9b657b121b3c98d80PatchThird Party Advisory
- https://github.com/sandstorm-io/sandstorm/commit/6e8572ea8bb56d0216bb1b410e5040ePatchThird Party Advisory
- https://sandstorm.io/news/2017-03-02-security-reviewVendor Advisory
FAQ
What is CVE-2017-6200?
CVE-2017-6200 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Li...
How severe is CVE-2017-6200?
CVE-2017-6200 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-6200?
Check the references section above for vendor advisories and patch information. Affected products include: Sandstorm Sandstorm.