Описание
An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access.
Ссылки
- ExploitMailing ListVendor Advisory
- ExploitMailing ListVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.9.20210404-9 (исключая)
cpe:2.3:a:gnu:hurd:*:*:*:*:*:*:*:*
EPSS
Процентиль: 8%
0.00028
Низкий
7 High
CVSS3
6.9 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
CVSS3: 7
debian
больше 4 лет назад
An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of ...
CVSS3: 7
github
больше 3 лет назад
An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access.
EPSS
Процентиль: 8%
0.00028
Низкий
7 High
CVSS3
6.9 Medium
CVSS2
Дефекты
CWE-287