Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
sendmail: mail to root privilege escalation via sm-client.pre script
Vulnerability Description
A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Vulnerability Title
systemd 后置链接漏洞
Vulnerability Description
systemd是德国Lennart Poettering个人开发者的一款基于Linux的系统和服务管理器。该产品兼容了SysV和LSB的启动脚本,且提供了一个用来表示系统服务间依赖关系的框架。 systemd 1.1版本至8.17.1版本存在后置链接漏洞,该漏洞源于 systemd sendmail 服务调用的脚本中存在文件访问错误链接解析(“链接跟随”)漏洞。攻击者利用该漏洞升级权限。
CVSS Information
N/A
Vulnerability Type
N/A