exploitDog

GHSA-8wrv-rwr6-8qj6

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

Описание

The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.

The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.

Ссылки

EPSS

Процентиль: 14%

0.00045

Низкий

CVE ID

Связанные уязвимости

CVE-2011-1550

ubuntu

почти 15 лет назад

The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.

CVE-2011-1550

nvd

почти 15 лет назад

The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.

CVE-2011-1550

debian

почти 15 лет назад

The default configuration of logrotate on SUSE openSUSE Factory uses r ...

EPSS

Процентиль: 14%

0.00045

Низкий

CVE ID