Vulnerability of mosquitto: privilege escalation via MQTT broker

Synthesis of the vulnerability

An attacker can bypass restrictions via the MQTT broker of mosquitto in order to escalate privileges.
Severity of this bulletin: 1/4.
Creation date: 30/05/2017.
References for this vulnerability: CVE-2017-7650, DLA-961-1, DSA-3865-1, FEDORA-2017-486a536b62, FEDORA-2017-59f85fef2c, FEDORA-2017-c2113aacd2, VIGILANCE-VUL-22855.

Description of the vulnerability

An attacker can bypass restrictions via the MQTT broker of mosquitto in order to escalate privileges.

This vulnerability bulletin affects software or systems such as Debian and Fedora.

Our Vigil@nce team determined that the severity of this cybersecurity threat is low.

The trust level is "confirmed by the editor", and the origin is "document".

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat

Debian: new mosquitto packages.
New packages are available:
  Debian 8: mosquitto 1.3.4-2+deb8u1
  Debian 7: mosquitto 0.15-2+deb7u1

Fedora: new mosquitto packages.
New packages are available:
  Fedora 26: mosquitto 1.4.12-1.fc26
  Fedora 25: mosquitto 1.4.12-1.fc25
  Fedora 24: mosquitto 1.4.12-1.fc24