Описание
Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.
Ссылки
- Exploit
- PatchVendor Advisory
- PatchVendor AdvisoryURL Repurposed
- Exploit
- PatchVendor Advisory
- PatchVendor AdvisoryURL Repurposed
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:tarantella:tarantella_enterprise:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:tarantella:tarantella_enterprise:3.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tarantella:tarantella_enterprise:3.3.10:*:*:*:*:*:*:*
cpe:2.3:a:tarantella:tarantella_enterprise:3.3.11:*:*:*:*:*:*:*
cpe:2.3:a:tarantella:tarantella_enterprise:3.3.20:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00315
Низкий
6.2 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.
EPSS
Процентиль: 54%
0.00315
Низкий
6.2 Medium
CVSS2
Дефекты
NVD-CWE-Other