Описание
checkpath in OpenRC through 0.42.1 might allow local users to take ownership of arbitrary files because a non-terminal path component can be a symlink.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| openrc | fixed | 0.45.2-1 | package | |
| openrc | no-dsa | bullseye | package | |
| openrc | no-dsa | buster | package | |
| openrc | no-dsa | stretch | package |
Примечания
https://github.com/OpenRC/openrc/issues/201
http://michael.orlitzky.com/cves/cve-2018-21269.xhtml
https://github.com/OpenRC/openrc/commit/b6fef599bf8493480664b766040fa9b0d4b1e335 (0.43)
EPSS
Процентиль: 34%
0.00141
Низкий
Связанные уязвимости
CVSS3: 5.5
nvd
больше 5 лет назад
checkpath in OpenRC through 0.42.1 might allow local users to take ownership of arbitrary files because a non-terminal path component can be a symlink.
github
больше 3 лет назад
checkpath in OpenRC through 0.42.1 might allow local users to take ownership of arbitrary files because a non-terminal path component can be a symlink.
EPSS
Процентиль: 34%
0.00141
Низкий