Описание
An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date.
A vulnerability was found in hwclock in util-linux, which allowed non-root users to access the hardware clock. This flaw allows an attacker to execute arbitrary code via the path parameter when setting the date.
Отчет
This presents an issue only in scenarios where the administrator has configured hwclock to be setuid root. However, it's important to note that this is a non-default and unlikely configuration.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | util-linux | Out of support scope | ||
| Red Hat Enterprise Linux 8 | util-linux | Not affected | ||
| Red Hat Enterprise Linux 9 | util-linux | Not affected |
Показывать по
Дополнительная информация
Статус:
6.4 Medium
CVSS3
Связанные уязвимости
An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date.
An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date.
An issue was discovered in hwclock.13-v2.27 allows attackers to gain e ...
An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date.
6.4 Medium
CVSS3