Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
LinuxTV xawtv 安全漏洞
Vulnerability Description
LinuxTV xawtv是LinuxTV社区的一套用于使用电视调谐器或电视观看和录制电视和网络摄像头的软件。 LinuxTV xawtv 3.107之前版本中的v4l-conf.c文件的‘dev_open()’函数存在安全漏洞,该漏洞源于程序缺乏充分的验证。本地攻击者可通过访问v4l-conf setuid-root程序利用该漏洞测试所存在文件并打开任意文件。
CVSS Information
N/A
Vulnerability Type
N/A