漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OpenCanary Executes Commands From Potentially Writable Config File
Vulnerability Description
OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and escalate permissions when root later runs the daemon. Version 0.9.4 contains a fix for the issue.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
OpenCanary 安全漏洞
Vulnerability Description
OpenCanary是Thinkst Applied Research开源的一个多协议网络蜜罐。 OpenCanary 0.9.4版本之前存在安全漏洞,该漏洞源于配置文件存储在非特权用户目录中,但守护进程由 root 执行,因此非特权用户可以更改配置文件,并在 root 稍后运行守护进程时提升权限。
CVSS Information
N/A
Vulnerability Type
N/A