RSS   Vulnerabilities for 'Log-user-session'   RSS

2018-12-20
 
CVE-2018-1000857

CWE-22
 

 
log-user-session version 0.7 and earlier contains a Directory Traversal vulnerability in Main SUID-binary /usr/local/bin/log-user-session that can result in User to root privilege escalation. This attack appear to be exploitable via Malicious unprivileged user executes the vulnerable binary/(remote) environment variable manipulation similar shell-shock also possible.

 


Copyright 2024, cxsecurity.com

 

Back to Top