CVSS2

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

AV:L/AC:H/Au:N/C:C/I:C/A:C

EPSS

Metric | Value |
---|---|
Percentile | 5.1% |

DISPUTED os-prober in os-prober 1.17 allows local users to overwrite
arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2)
/tmp/raided-map temporary file. NOTE: the vendor disputes this issue,
stating “the insecure code path should only ever run inside a d-i
environment, which has no non-root users.”
Author | Note |
---|---|
mdeslaur | upstream disputes this, let’s ignore |