Описание
suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.
Ссылки
- ExploitVendor Advisory
- PatchVendor Advisory
- ExploitPatchVendor Advisory
- ExploitVendor Advisory
- PatchVendor Advisory
- ExploitPatchVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
7.2 High
CVSS2
Дефекты
Связанные уязвимости
suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.
suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.
EPSS
7.2 High
CVSS2