Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
bsdmainutils任意系统文件查看漏洞
Vulnerability Description
Debian bsdmainutils包含Calendar工具,此工具可通知用户将要发生的事件。 Calendar在读取事件文件时处理不正确,本地攻击者可以利用这个漏洞以root用户权限访问任意系统文件。 Calendar程序使用如下格式的事件文件: <date><tab><event description> 当调用"-a"选项时,程序会处理所有用户的事件文件并发送EMAIL。不过在以'-a'选项Calendar处理时没有正确丢弃权限(需要root用户权限),攻击者通过建立如下的事件文件,可导致获得SH
CVSS Information
N/A
Vulnerability Type
N/A