Vulnerability Information
Vulnerability Title
Arbitrary read/write in DBdeployer
Vulnerability Description
DBdeployer is a tool that deploys MySQL database servers easily. In DBdeployer before version 1.58.2, users unpacking a tarball may use a maliciously packaged tarball that contains symlinks to files external to the target. In such a scenario, an attacker could induce dbdeployer to write into a system file, thus altering the computer's defenses. For the attack to succeed, the following factors need to contribute: 1) The user is logged in as root. While dbdeployer is usable as root, it was designed to run as an unprivileged user. 2) The user has taken a tarball from a non-secure source without testing the checksum. When the tarball is retrieved through dbdeployer, the checksum is compared before attempting to unpack. This has been fixed in version 1.58.2.
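A pre-extraction check for the pattern described above, as an added Go example that is not DBdeployer's code or its 1.58.2 fix. `CheckTarball` and the sample entry names are hypothetical; the checks are lexical (`filepath.IsLocal`, Go 1.20+), cover symlink entries only, and do not account for hard links or for links already present on disk.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path/filepath"
)

// CheckTarball reads headers only (nothing touches disk) and returns an error for
// the first entry that could make an extractor write outside its target directory.
func CheckTarball(r io.Reader) error {
	links := map[string]bool{} // archive paths already declared as symlinks
	tr := tar.NewReader(r)
	for h, err := tr.Next(); err != io.EOF; h, err = tr.Next() {
		if err != nil {
			return err
		}
		if !filepath.IsLocal(h.Name) { // absolute, empty, or climbs out with ".."
			return fmt.Errorf("%q: entry path leaves the target", h.Name)
		}
		name := filepath.Clean(h.Name)
		for p := name; p != "."; p = filepath.Dir(p) {
			if links[p] { // a write over or through an earlier symlink follows it
				return fmt.Errorf("%q: written through symlink %q", h.Name, p)
			}
		}
		if h.Typeflag == tar.TypeSymlink {
			// Symlink targets resolve from the directory that holds the link.
			dst := filepath.Join(filepath.Dir(name), h.Linkname)
			if filepath.IsAbs(h.Linkname) || !filepath.IsLocal(dst) {
				return fmt.Errorf("%q: symlink target %q leaves the target", h.Name, h.Linkname)
			}
			links[name] = true
		}
	}
	return nil
}

func main() {
	var b bytes.Buffer // constructed sample: one symlink entry that points outside
	w := tar.NewWriter(&b)
	w.WriteHeader(&tar.Header{Name: "mysql/my.cnf", Typeflag: tar.TypeSymlink, Linkname: "../../outside.conf"})
	w.Close()
	fmt.Println(CheckTarball(&b))
}
```

Running the check before unpacking complements, and does not replace, verifying the tarball's checksum and running as an unprivileged user.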
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
Vulnerability Type
Improper Link Resolution Before File Access (Link Following)
Vulnerability Title
Datacharmer Dbdeployer link following vulnerability
Vulnerability Description
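Datacharmer Dbdeployer is Go-based software from the individual developer Datacharmer for efficiently deploying MySQL databases. DBdeployer versions before 1.58.2 contain a security vulnerability that arises because a user unpacking a tarball may use a maliciously packaged tarball containing symbolic links that point to files outside the target. In that case, an attacker can exploit the vulnerability to induce dbdeployer to write into system files, thereby altering the computer's defenses.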
CVSS Information
N/A
Vulnerability Type
N/A