CVE-2016-6153

MEDIUM

Description

os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.

References

http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html

http://www.openwall.com/lists/oss-security/2016/07/01/1

http://www.openwall.com/lists/oss-security/2016/07/01/2

http://www.securityfocus.com/bid/91546

http://www.sqlite.org/cgi/src/info/67985761aa93fb61

https://lists.fedoraproject.org/archives/list/[email protected]/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/

https://lists.fedoraproject.org/archives/list/[email protected]/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/

https://usn.ubuntu.com/4019-1/

https://usn.ubuntu.com/4019-2/

https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt

https://www.sqlite.org/releaselog/3_13_0.html

https://www.tenable.com/security/tns-2016-20

Details

Source: MITRE

Published: 2016-09-26

Updated: 2018-10-30

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3.0

Base Score: 5.9

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Impact Score: 3.4

Exploitability Score: 2.5

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* versions up to 3.12.2 (inclusive)

Configuration 2

OR

cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

Tenable Plugins

View all (19 total)

IDNameProductFamilySeverity
137983EulerOS Virtualization 3.0.6.0 : sqlite (EulerOS-SA-2020-1764)NessusHuawei Local Security Checks
medium
134496EulerOS Virtualization for ARM 64 3.0.2.0 : sqlite (EulerOS-SA-2020-1207)NessusHuawei Local Security Checks
high
132199EulerOS 2.0 SP3 : sqlite (EulerOS-SA-2019-2664)NessusHuawei Local Security Checks
medium
131615EulerOS 2.0 SP2 : sqlite (EulerOS-SA-2019-2461)NessusHuawei Local Security Checks
high
129185EulerOS 2.0 SP5 : sqlite (EulerOS-SA-2019-1991)NessusHuawei Local Security Checks
high
126065Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : SQLite vulnerabilities (USN-4019-1)NessusUbuntu Local Security Checks
high
124150SUSE SLES12 Security Update : sqlite3 (SUSE-SU-2019:0973-1)NessusSuSE Local Security Checks
medium
123743EulerOS Virtualization 2.5.3 : sqlite (EulerOS-SA-2019-1275)NessusHuawei Local Security Checks
high
100027Apple iTunes < 12.6 Multiple Vulnerabilities (macOS) (credentialed check)NessusMacOS X Local Security Checks
high
100026Apple iTunes < 12.6 Multiple Vulnerabilities (uncredentialed check)NessusPeer-To-Peer File Sharing
high
100025Apple iTunes < 12.6 Multiple Vulnerabilities (credentialed check)NessusWindows
high
96337Tenable Passive Vulnerability Scanner 5.x < 5.2.0 Multiple Vulnerabilities (SWEET32)NessusMisc.
critical
93285SUSE SLES11 Security Update : sqlite3 (SUSE-SU-2016:2021-1)NessusSuSE Local Security Checks
medium
93189SUSE SLED12 / SLES12 Security Update : sqlite3 (SUSE-SU-2016:1945-1)NessusSuSE Local Security Checks
medium
92976openSUSE Security Update : sqlite3 (openSUSE-2016-970)NessusSuSE Local Security Checks
medium
92744openSUSE Security Update : sqlite3 (openSUSE-2016-931)NessusSuSE Local Security Checks
medium
92225Fedora 24 : sqlite (2016-0138339b54)NessusFedora Local Security Checks
medium
91948Debian DLA-543-1 : sqlite3 security updateNessusDebian Local Security Checks
medium
91929FreeBSD : SQLite3 -- Tempdir Selection Vulnerability (546deeea-3fc6-11e6-a671-60a44ce6887b)NessusFreeBSD Local Security Checks
medium