Lucene search

MitreCVE-2016-8605

HistoryJan 12, 2017 - 10:59 p.m.

CVE-2016-8605

2017-01-1222:59:00

CWE-275

mitre

web.nvd.nist.gov

nvd

cve-2016-8605

gnu guile

umask

multithreading

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.1

Confidence

High

EPSS

0.003

Percentile

70.7%

JSON

The mkdir procedure of GNU Guile temporarily changed the process’ umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.

Affected configurations

Nvd

Node

fedoraprojectfedoraMatch23

fedoraprojectfedoraMatch24

fedoraprojectfedoraMatch25

Node

gnuguileRange≤2.0.12

VendorProductVersionCPE
fedoraprojectfedora23cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
fedoraprojectfedora24cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
fedoraprojectfedora25cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
gnuguile*cpe:2.3:a:gnu:guile:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fedoraproject	fedora	23	cpe:2.3:o:fedoraproject:fedora:23:::::::*
fedoraproject	fedora	24	cpe:2.3:o:fedoraproject:fedora:24:::::::*
fedoraproject	fedora	25	cpe:2.3:o:fedoraproject:fedora:25:::::::*
gnu	guile	*	cpe:2.3:a:gnu:guile::::::::