Open-systems - Log-user-session CVE

Filtered by vendor Open-systems Subscribe

Filtered by product Log-user-session

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-1000857	1 Open-systems	1 Log-user-session	2024-11-21	9.0 HIGH	8.8 HIGH
log-user-session version 0.7 and earlier contains a Directory Traversal vulnerability in Main SUID-binary /usr/local/bin/log-user-session that can result in User to root privilege escalation. This attack appear to be exploitable via Malicious unprivileged user executes the vulnerable binary/(remote) environment variable manipulation similar shell-shock also possible.

Vulnerabilities (CVE)