Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
watchman: chown in watchman@.socket unit allows symlink attack
Vulnerability Description
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman versions prior to 4.9.0-9.1.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Vulnerability Title
SUSE Linux Enterprise Server 后置链接漏洞
Vulnerability Description
SUSE Linux Enterprise Server是德国SUSE公司的一套企业服务器版Linux操作系统。 SUSE Linux Enterprise Server (SLES) 存在安全漏洞,攻击者可以创建一个符号链接,以通过 Socket Unit 以 Watchman 的权限更改指向的文件。
CVSS Information
N/A
Vulnerability Type
N/A