ID CVE-2018-10886
Summary ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate is not about any specific product, protocol, or design, that falls into the scope of the assigning CNA. Notes: None.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-4943B0505B.NASL
    description Backport fix for arbitrary file write vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 110930
    published 2018-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110930
    title Fedora 27 : ant (2018-4943b0505b)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-CBA3CCD747.NASL
    description Backport fix for arbitrary file write vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120793
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120793
    title Fedora 28 : ant (2018-cba3ccd747)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3721-1.NASL
    description Danny Grander discovered that Apache Ant incorrectly handled certain compressed files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to overwrite arbitrary files. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111330
    published 2018-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111330
    title Ubuntu 14.04 LTS : ant vulnerability (USN-3721-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1057.NASL
    description This update for ant fixes the following issues. Security issue fixed: CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution (bsc#1100053). This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2019-02-21
    modified 2018-09-28
    plugin id 117819
    published 2018-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117819
    title openSUSE Security Update : ant (openSUSE-2018-1057)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1431.NASL
    description unzip and untar target tasks in ant allow the extraction of files outside the target directory. A crafted zip or tar file submitted to an Ant build could create or overwrite arbitrary files with the privileges of the user running Ant. For Debian 8 'Jessie', these problems have been fixed in version 1.9.4-3+deb8u1. We recommend that you upgrade your ant packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 111168
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111168
    title Debian DLA-1431-1 : ant security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4255.NASL
    description Danny Grander reported that the unzip and untar tasks in ant, a Java based build tool like make, allow the extraction of files outside a target directory. An attacker can take advantage of this flaw by submitting a specially crafted Zip or Tar archive to an ant build to overwrite any file writable by the user running ant.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 111317
    published 2018-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111317
    title Debian DSA-4255-1 : ant - security update
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1047.NASL
    description It was discovered that Ant's unzip and untar targets permit the extraction of files outside the target directory. A crafted zip or tar file submitted to an Ant build could create or overwrite arbitrary files with the privileges of the user running Ant. (CVE-2018-10886)
    last seen 2019-02-21
    modified 2018-07-26
    plugin id 111338
    published 2018-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111338
    title Amazon Linux AMI : ant (ALAS-2018-1047)
Last major update 16-07-2018 - 15:29
Published 16-07-2018 - 15:29
Last modified 25-07-2018 - 21:29