Base Score

MEDIUM4.9

CVE-2016-7787

A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.

VectorNETWORK

Published Bycve@mitre.org

Published DateDec 23, 2016, 22:59

Weakness Type (CWE):CWE-94

CVSS Metrics

Base Score

4.9

Vector String

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

HIGH

Availability (A)

NONE

References

http://lists.opensuse.org/opensuse-updates/2016-10/msg00031.html
http://lists.opensuse.org/opensuse-updates/2016-10/msg00034.html
http://www.openwall.com/lists/oss-security/2016/09/29/7
http://www.securityfocus.com/bid/93224

Base Score

MEDIUM4.9

Weakness Type (CWE):CWE-94

CVSS Metrics

Base Score

4.9

Vector String

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

HIGH

Availability (A)

NONE