|Category:||Debian Local Security Checks|
|Title:||Debian LTS: Security Advisory for xawtv (DLA-2246-1)|
|Summary:||The remote host is missing an update for the 'xawtv' package(s) announced via the DLA-2246-1 advisory.|
An issue was discovered in LinuxTV xawtv before 3.107. The function
dev_open() in v4l-conf.c does not perform sufficient checks to
prevent an unprivileged caller of the program from opening unintended
filesystem paths. This allows a local attacker with access to the
v4l-conf setuid-root program to test for the existence of arbitrary
files and to trigger an open on arbitrary files with mode O_RDWR.
To achieve this, relative path components need to be added to the
device path, as demonstrated by a
v4l-conf -c /dev/../root/.bash_history command.
'xawtv' package(s) on Debian Linux.
For Debian 8 'Jessie', this problem has been fixed in version
We recommend that you upgrade your xawtv packages.
Common Vulnerability Exposure (CVE) ID: CVE-2020-13696
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|