漏洞标题
N/A
漏洞描述信息
SUSE openSUSE Factory将/var/log/cobbler/目录树的所有权分配给Web服务用户账户,这可能会允许本地用户通过利用Cobbler主程序在根文件系统操作中访问该账户来获取权限。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ directory tree to the web-service user account, which might allow local users to gain privileges by leveraging access to this account during root filesystem operations by the Cobbler daemon.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Novell SUSE openSUSE Factory特权提升漏洞
漏洞描述信息
Novell SUSE openSUSE Factory指定了/var/log/cobbler/目录树的所有关系给web服务用户账户。本地用户可以在Cobbler守护进程对根文件系统操作的过程中,利用对该账户的访问,获取特权。
CVSS信息
N/A
漏洞类别
授权问题