Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenCanary Executes Commands From Potentially Writable Config File
Vulnerability Description
OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and escalate permissions when root later runs the daemon. Version 0.9.4 contains a fix for the issue.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
OpenCanary 安全漏洞
Vulnerability Description
OpenCanary是Thinkst Applied Research开源的一个多协议网络蜜罐。 OpenCanary 0.9.4版本之前存在安全漏洞,该漏洞源于配置文件存储在非特权用户目录中,但守护进程由 root 执行,因此非特权用户可以更改配置文件,并在 root 稍后运行守护进程时提升权限。
CVSS Information
N/A
Vulnerability Type
N/A