Описание
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.
Ссылки
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*
Конфигурация 2Версия до 4.4 (включая)
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00129
Низкий
2.1 Low
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.
EPSS
Процентиль: 33%
0.00129
Низкий
2.1 Low
CVSS2
Дефекты
NVD-CWE-Other