Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Progress Database获取特权漏洞
Vulnerability Description
Progress Database 9.1至9.1D06版本相信用户输入端使用dlopen查找和加载库,本地用户借助(1)指向恶意库的PATH环境变量,如使用libjutil.so in_proapsv,或者(2) -installdir命令行参数,如使用librocket_r.so in _dbagent.获取特权。
CVSS Information
N/A
Vulnerability Type
N/A