Vulnerabilities > CVE-2017-15131 - Improper Access Control vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
freedesktop
redhat
CWE-284
nessus
NVD
Published: 2018-01-09
Updated: 2023-02-12

Summary

It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.

Vulnerable Configurations

Part Description Count
Application
Freedesktop
16
OS
Redhat
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Embedding Scripts within Scripts
    An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
  • Signature Spoofing by Key Theft
    An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0026_XDG-USER-DIRS.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xdg-user-dirs packages installed that are affected by a vulnerability: - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user
    last seen2020-06-01
    modified2020-06-02
    plugin id127188
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127188
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : xdg-user-dirs Vulnerability (NS-SA-2019-0026)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1024.NASL
    descriptionAccording to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user
    last seen2020-05-06
    modified2018-01-19
    plugin id106165
    published2018-01-19
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106165
    titleEulerOS 2.0 SP1 : xdg-user-dirs (EulerOS-SA-2018-1024)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1030.NASL
    descriptionIt was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user
    last seen2020-06-01
    modified2020-06-02
    plugin id110447
    published2018-06-12
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110447
    titleAmazon Linux 2 : xdg-user-dirs (ALAS-2018-1030)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180410_XDG_USER_DIRS_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy (CVE-2017-15131) Additional Changes :
    last seen2020-03-18
    modified2018-05-01
    plugin id109459
    published2018-05-01
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109459
    titleScientific Linux Security Update : xdg-user-dirs on SL7.x x86_64 (20180410)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-0842.NASL
    descriptionFrom Red Hat Security Advisory 2018:0842 : An update for xdg-user-dirs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. xdg-user-dirs is a tool to create and configure default desktop user directories such as the Music and the Desktop directories. Security Fix(es) : * xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy (CVE-2017-15131) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id109107
    published2018-04-18
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109107
    titleOracle Linux 7 : xdg-user-dirs (ELSA-2018-0842)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-0842.NASL
    descriptionAn update for xdg-user-dirs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. xdg-user-dirs is a tool to create and configure default desktop user directories such as the Music and the Desktop directories. Security Fix(es) : * xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy (CVE-2017-15131) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id108987
    published2018-04-11
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108987
    titleRHEL 7 : xdg-user-dirs (RHSA-2018:0842)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-0842.NASL
    descriptionAn update for xdg-user-dirs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. xdg-user-dirs is a tool to create and configure default desktop user directories such as the Music and the Desktop directories. Security Fix(es) : * xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy (CVE-2017-15131) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id109373
    published2018-04-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109373
    titleCentOS 7 : xdg-user-dirs (CESA-2018:0842)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1025.NASL
    descriptionAccording to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user
    last seen2020-05-06
    modified2018-01-19
    plugin id106166
    published2018-01-19
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106166
    titleEulerOS 2.0 SP2 : xdg-user-dirs (EulerOS-SA-2018-1025)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1181.NASL
    descriptionAccording to the version of the xdg-user-dirs package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user
    last seen2020-05-06
    modified2018-07-03
    plugin id110845
    published2018-07-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110845
    titleEulerOS 2.0 SP3 : xdg-user-dirs (EulerOS-SA-2018-1181)

Redhat

advisories
bugzilla
id1455094
titleCVE-2017-15131 xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 7 is installed
      ovaloval:com.redhat.rhba:tst:20150364027
    • commentxdg-user-dirs is earlier than 0:0.15-5.el7
      ovaloval:com.redhat.rhsa:tst:20180842001
    • commentxdg-user-dirs is signed with Red Hat redhatrelease2 key
      ovaloval:com.redhat.rhsa:tst:20180842002
rhsa
idRHSA-2018:0842
released2018-04-10
severityLow
titleRHSA-2018:0842: xdg-user-dirs security and bug fix update (Low)
rpms
  • xdg-user-dirs-0:0.15-5.el7
  • xdg-user-dirs-debuginfo-0:0.15-5.el7

References