Description
check_smart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path (the /dev/bus substring and a number), aka an unanchored regular expression.
References
http://www.openwall.com/lists/oss-security/2021/10/14/2
ExploitThird Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1183057
ExploitIssue TrackingPatchThird Party Advisory
https://www.claudiokuenzler.com/monitoring-plugins/check_smart.php
Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 · High
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Modified
Published
2021-10-11T20:15:07.373
3 years agoLast modified
2023-11-14T00:15:07.430
1 year ago