CVE-2015-0794 — Link Following in Project Dracut

CWE-59 — Link Following3 documents3 sources

Severity

3.6LOWNVD

EPSS

0.1%

top 66.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dracut Project Dracut Debian Dracut

Timeline

PublishedNov 19

Latest updateMay 13

Description

modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map.

CVSS vector

AV:L/AC:L/C:N/I:P/A:PExploitability: 3.9 | Impact: 4.9

Affected Packages2 packages

▶NVDdracut_project/dracut< 037-17.30.1

▶debiandebian/dracut

🔴Vulnerability Details

GHSA

GHSA-j973-4x87-2j5r: modules↗2022-05-13

▶

📋Vendor Advisories

Debian

CVE-2015-0794: dracut - modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in op...↗2015

▶