Описание
Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does not properly drop privileges when Ecartis is installed setuid-root, "lock-to-user" is not set, and ecartis is called by certain MTA's, which could allow local users to gain privileges.
Ссылки
- Vendor Advisory
- Vendor Advisory
- ExploitVendor Advisory
- Vendor Advisory
- Vendor Advisory
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ecartis:ecartis:1.0.0_snapshot_2002-01-21:*:*:*:*:*:*:*
cpe:2.3:a:ecartis:ecartis:1.0.0_snapshot_2002-01-25:*:*:*:*:*:*:*
cpe:2.3:a:listar:listar:0.126a:*:*:*:*:*:*:*
cpe:2.3:a:listar:listar:0.127a:*:*:*:*:*:*:*
cpe:2.3:a:listar:listar:0.129a:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00151
Низкий
7.2 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does not properly drop privileges when Ecartis is installed setuid-root, "lock-to-user" is not set, and ecartis is called by certain MTA's, which could allow local users to gain privileges.
EPSS
Процентиль: 36%
0.00151
Низкий
7.2 High
CVSS2
Дефекты
NVD-CWE-Other