Описание
The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam).
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingThird Party Advisory
- Issue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.2.4 (исключая)
cpe:2.3:a:google:fscrypt:*:*:*:*:*:*:*:*
EPSS
Процентиль: 43%
0.00206
Низкий
6.5 Medium
CVSS3
4.9 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 6.5
ubuntu
больше 7 лет назад
The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam).
CVSS3: 6.5
debian
больше 7 лет назад
The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore ...
EPSS
Процентиль: 43%
0.00206
Низкий
6.5 Medium
CVSS3
4.9 Medium
CVSS2
Дефекты
NVD-CWE-noinfo