Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
nfs-utils: root-owned files stored in insecure /var/lib/nfs directory
Vulnerability Description
The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Vulnerability Type
缺省权限不正确
Vulnerability Title
Micro Focus SUSE Linux Enterprise Server nfs-utils 安全漏洞
Vulnerability Description
Micro Focus SUSE Linux Enterprise Server是英国Micro Focus公司的一套企业服务器版Linux操作系统。nfs-utils是使用在其中的一个用于管理NFS(网络文件系统)的实用程序。 SUSE Linux Enterprise Server 12 1.3.0-34.18.1及之前版本和15 2.1.1-6.10.2及之前版本中的nfs-utils包存在安全漏洞。攻击者可利用该漏洞在系统的任意位置创建/覆盖文件。
CVSS Information
N/A
Vulnerability Type
N/A