World-writable permissions in OpenHPI Makefile.am leading to disk consumption denial of service vulnerability

CVE-2015-3248 · MEDIUM Severity

AV:L/AC:M/AU:N/C:N/I:N/A:C

openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption).

Learn more about our User Device Pen Test.