Detections
Analytics
Alpine: multiple lxterminal packages: security update to 0.3.0-r0 (deprecated)
high Tenable Cloud Security Plugin ID 400815
Description
There are packages installed that are affected by a vulnerability referenced in the following CVE:- unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to
cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal
access control). (CVE-2016-10369)
See Also
https://git.alpinelinux.org/aports/commit/?id=1c0b7832bcd99561ec460174fd75dee6941e8d1a
https://git.alpinelinux.org/aports/commit/?id=1e49fb2fed3a645ef6f77d40314c8aab20c8fa6a
Plugin Details
Severity: High
ID: 400815
Version: Revision 1.22
Type: Local
Published: 8/16/2023
Updated: 1/17/2024
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 4.6
Temporal Score: 3.4
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2016-10369
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Exploit Ease: No known exploits are available
Patch Publication Date: 8/22/2017
Vulnerability Publication Date: 5/8/2017
Reference Information
CVE: CVE-2016-10369