Описание
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 2:2.10-22 |
| esm-infra-legacy/trusty | released | 2.1-0ubuntu1.7+esm5 |
| esm-infra/bionic | released | 2:2.6-15ubuntu2.8+esm1 |
| esm-infra/focal | released | 2:2.9-1ubuntu4.4 |
| esm-infra/xenial | released | 2.4-0ubuntu6.8+esm1 |
| focal | released | 2:2.9-1ubuntu4.4 |
| jammy | released | 2:2.10-6ubuntu2.1 |
| mantic | ignored | end of life, was needs-triage |
| noble | released | 2:2.10-21ubuntu0.1 |
| trusty/esm | released | 2.1-0ubuntu1.7+esm5 |
Показывать по
EPSS
8.8 High
CVSS3
Связанные уязвимости
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.
An issue was discovered in Ubuntu wpa_supplicant that resulted in load ...
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.
Уязвимость клиента защищённого доступа Wi-Fi WPA Supplicant, связанная с неконтролируемым элементом пути поиска, позволяющая нарушителю повысить свои привилегии
EPSS
8.8 High
CVSS3