Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SUSE Linux Permissions软件包CHKSTAT不安全权限处理漏洞
Vulnerability Description
SuSE Linux是一款开放源代码Linux系统。 SuSE Linux对文件链接的属性检查存在漏洞,本地攻击者可能利用这个漏洞非授权读取敏感信息。 SuSE Linux捆绑了3组预定义权限,分别是easy、secure和paranoid。permissions软件包所捆绑的chkstat程序可以检查这些权限并选择其中一个级别。easy级为默认的级别,允许一些完全可写的的目录,/usr/src/packages/RPMS及其子目录就是其中之一。为了防范用户的恶意行为,如链接到/etc/shadow,ch
CVSS Information
N/A
Vulnerability Type
N/A