CVE-2017-6200

Published: Feb 6, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name.

Affected (1)

Products: Sandstorm: Sandstorm

Sandstorm

1 product

Sandstorm

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sandstorm Sandstorm	Before 0.203

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

https://devco.re/blog/2018/01/26/Sandstorm-Security-Review-CVE-2017-6200-en/

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/sandstorm-io/sandstorm/blob/v0.202/src/sandstorm/backup.c%2B%2B#L271

Source: cve@mitre.org

Third Party Advisory

https://github.com/sandstorm-io/sandstorm/commit/4ea8df7403381d9b657b121b3c98d8081b27414d

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/sandstorm-io/sandstorm/commit/6e8572ea8bb56d0216bb1b410e5040edc051b120

Source: cve@mitre.org

PatchThird Party Advisory

https://sandstorm.io/news/2017-03-02-security-review

Source: cve@mitre.org

Vendor Advisory

https://devco.re/blog/2018/01/26/Sandstorm-Security-Review-CVE-2017-6200-en/