Vulnerabilities > CVE-2017-9286 - Unspecified vulnerability in Opensuse Leap 42.3

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

opensuse

nessus

NVD

Published: 2018-03-01

Updated: 2024-11-21

Summary

The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade.

Vulnerable Configurations

Part	Description	Count
OS	Opensuse Opensuse Leap 42.3	1

Nessus

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-1121.NASL
description	This update for nextcloud fixes the following issues : - CVE-2017-9286: During upgrade of the nextcloud package local attackers could gain root access via a /tmp file race. (boo#1036756)
last seen	2020-06-05
modified	2017-10-04
plugin id	103661
published	2017-10-04
reporter	This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/103661
title	openSUSE Security Update : nextcloud (openSUSE-2017-1121)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2017-1121. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(103661); script_version("3.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-9286"); script_name(english:"openSUSE Security Update : nextcloud (openSUSE-2017-1121)"); script_summary(english:"Check for the openSUSE-2017-1121 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for nextcloud fixes the following issues : - CVE-2017-9286: During upgrade of the nextcloud package local attackers could gain root access via a /tmp file race. (boo#1036756)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1036756" ); script_set_attribute( attribute:"solution", value:"Update the affected nextcloud package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nextcloud"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2017/10/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if ( rpm_check(release:"SUSE42.3", reference:"nextcloud-11.0.3-3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nextcloud"); }

Summary

Vulnerable Configurations

Nessus

References