漏洞类别:RedHat
漏洞等级: 
漏洞信息
The powerpc-utils-python packages provide Python-based utilities for maintaining and servicing PowerPC systems.
Security Fix(es):
* It was found that the amsvis command of the powerpc-utils-python package did not verify unpickled data before processing it. This could allow an attacker who can connect to an amsvis server process (or cause an amsvis client process to connect to them) to execute arbitrary code as the user running the amsvis process. (CVE-2014-8165)
This issue was discovered by Dhiru Kholia of Red Hat Product Security.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
漏洞危害
This could allow an attacker who can connect to an amsvis server process (or cause an amsvis client process to connect to them) to execute arbitrary code as the user running the amsvis process.
解决方案
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2016:2607 to address this issue and obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论