Description
In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls.
References
https://bugs.gentoo.org/630752
ExploitIssue TrackingPatchThird Party Advisory
https://security.gentoo.org/glsa/202209-10
Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 · Critical
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2022-09-20T18:15:09.993
2 years agoLast modified
2022-10-01T02:28:31.213
2 years ago