Note:
This project will be discontinued after December 13, 2021. [more]
2020-06-23
GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2.1.17, allows a local attacker to read arbitrary files because it handles configuration-file errors by printing the configuration file while executing in a setuid root context.
Products | Ubridge |
Type | Information Exposure (CWE-200) |
First patch | - None (likely due to unavailable code) |
Patches | https://github.com/GNS3/ubridge/commit/2eb0d1dab6a6de76cf3556130a2d52af101077db |
Links |
• https://www.gns3.com/
• https://github.com/GNS3/gns3-server/releases/tag/v2.1.17 • https://theevilbit.github.io/posts/ |