Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
User owned /etc in SLES15-SP1-CHOST-BYOS
Vulnerability Description
A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory owned by the user This issue affects: SUSE Linux Enterprise Server 15 SP1 SLES15-SP1-CAP-Deployment-BYOS version 1.0.1 and prior versions; SLES15-SP1-CHOST-BYOS versions prior to 1.0.3 and prior versions;
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
缺省权限不正确
Vulnerability Title
SUSE Linux Enterprise Server 安全漏洞
Vulnerability Description
SUSE Linux Enterprise Server是德国SUSE公司的一套企业服务器版Linux操作系统。 SUSE Linux Enterprise Server 15 SP1中的SLES15-SP1-CHOST-BYOS 1.0.3及之前版本和SLES15-SP1-CAP-Deployment-BYOS 1.0.1及之前版本存在安全漏洞。本地攻击者可利用该漏洞升级为root用户。
CVSS Information
N/A
Vulnerability Type
N/A