Описание
The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:1.3.4-2.1ubuntu5.3 |
| devel | released | 1:1.3.4-2.5ubuntu5 |
| disco | ignored | end of life |
| eoan | released | 1:1.3.4-2.5ubuntu2.1 |
| esm-infra-legacy/trusty | needed | |
| esm-infra/bionic | released | 1:1.3.4-2.1ubuntu5.3 |
| esm-infra/focal | released | 1:1.3.4-2.5ubuntu3.3 |
| esm-infra/xenial | released | 1:1.2.8-9ubuntu12.3 |
| focal | released | 1:1.3.4-2.5ubuntu3.3 |
| groovy | released | 1:1.3.4-2.5ubuntu5 |
Показывать по
10 Critical
CVSS2
5.1 Medium
CVSS3
Связанные уязвимости
The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system.
The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system.
The nfs-utils package in SUSE Linux Enterprise Server 12 before and in ...
10 Critical
CVSS2
5.1 Medium
CVSS3