Description
An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access.
References
- Exploit, Mailing List, Vendor Advisory
- Exploit, Mailing List, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 0.9.20210404-9 (exclusive)
cpe:2.3:a:gnu:hurd:*:*:*:*:*:*:*:*
EPSS: 0.00044 (Low)
Percentile: 13%
CVSS3: 7.8 High
CVSS2: 7.2 High
Weaknesses
CWE-416
Related vulnerabilities
CVSS3: 7.8
debian
more than 4 years ago
An issue was discovered in GNU Hurd before 0.9 20210404-9. libports ac ...
github
more than 3 years ago
An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access.