CVE-2015-3248 Information

Description

openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory which allows local users when quotas are not properly setup to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption).

CVSS Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168841.html http://openhpi.org/Changelogs/3.6.0 https://bugzilla.redhat.com/show_bug.cgi?id=1233521

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

4.7