VulnerableCode Package Details - pkg:deb/ubuntu/flightgear@3.0.0-4

Search for packages

Package details: pkg:deb/ubuntu/flightgear@3.0.0-4

Essentials
History (0)

purl	pkg:deb/ubuntu/flightgear@3.0.0-4

Next non-vulnerable version	1:2017.2.1+dfsg-4
Latest non-vulnerable version	1:2017.2.1+dfsg-4
Risk	3.4

Vulnerabilities affecting this package (3)

Vulnerability	Summary	Fixed by
VCID-7txw-7t76-aaab Aliases: CVE-2017-8921	In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956.	1:2017.2.1+dfsg-4 Affected by 0 other vulnerabilities.
VCID-jx8t-94cp-aaas Aliases: CVE-2016-9956	The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.	1:2017.2.1+dfsg-4 Affected by 0 other vulnerabilities.
VCID-vm83-ajzg-aaan Aliases: CVE-2017-13709	In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree.	1:2017.2.1+dfsg-4 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version