Candidate: CVE-2016-3958
PublicDate: 2016-05-23
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3958
https://golang.org/cl/21428
http://seclists.org/oss-sec/2016/q2/11
Description:
Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before
1.6.1 on Windows allows local users to gain privileges via a Trojan horse
DLL in the current working directory, related to use of the LoadLibrary
function.
Ubuntu-Description:
Notes:
mdeslaur> Packages built using golang need to be rebuilt once the
mdeslaur> vulnerability has been fixed. This CVE entry does not
mdeslaur> list packages that need rebuilding outside of the main
mdeslaur> repository or the Ubuntu variants with PPA overlays.
sbeattie> windows only dll preload attack
Bugs:
Priority: low
Discovered-by:
Assigned-to:
Patches_golang:
upstream_golang: needs-triage
precise_golang: not-affected (windows only)
trusty_golang: not-affected (windows only)
vivid/stable-phone-overlay_golang: not-affected (windows only)
vivid/ubuntu-core_golang: not-affected (windows only)
wily_golang: not-affected (windows only)
devel_golang: DNE
Patches_golang-1.6:
upstream_golang-1.6: needs-triage
precise_golang-1.6: DNE
trusty_golang-1.6: not-affected (windows only)
vivid/stable-phone-overlay_golang-1.6: DNE
vivid/ubuntu-core_golang-1.6: DNE
wily_golang-1.6: DNE
devel_golang-1.6: not-affected (windows only)