Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through 2.1.5+deb1+cvs20081104-13.1 on Debian, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 on Ubuntu 16.10, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 on Ubuntu 16.04 LTS, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 on Ubuntu 14.04 LTS, and eject before 2.1.5+deb1+cvs20081104-9ubuntu0.1 on Ubuntu 12.04 LTS.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Debian和Ubuntu eject安装包dmcrypt-get-device安全漏洞
Vulnerability Description
Debian是Debian计划(Debian Project)组织维护的一款自由的操作系统;Ubuntu是英国科能(Canonical)公司和Ubuntu基金会共同开发的一套以桌面应用为主的GNU/Linux操作系统。eject package是其中的一个用于控制光驱的安装包。dmcrypt-get-device是一套用于eject中的提供透明加密功能的设备映射器。 Debian和Ubuntu中的eject安装包的dmcrypt-get-device存在安全漏洞,该漏洞源于程序没有验证‘setuid’和‘
CVSS Information
N/A
Vulnerability Type
N/A