mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 17:22:02 +00:00
962 B
962 B
CVE-2018-1000857
Description
log-user-session version 0.7 and earlier contains a Directory Traversal vulnerability in Main SUID-binary /usr/local/bin/log-user-session that can result in User to root privilege escalation. This attack appear to be exploitable via Malicious unprivileged user executes the vulnerable binary/(remote) environment variable manipulation similar shell-shock also possible.
POC
Reference
- https://www.halfdog.net/Security/2018/LogUserSessionLocalRootPrivilegeEscalation/
- https://www.halfdog.net/Security/2018/LogUserSessionLocalRootPrivilegeEscalation/
Github
No PoCs found on GitHub currently.