Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2024-45752

HistorySep 19, 2024 - 4:15 p.m.

CVE-2024-45752

2024-09-1916:15:04

Debian Security Bug Tracker

security-tracker.debian.org

logiops 0.3.4

unprivileged user

configure logid daemon

d-bus service

privilege escalation

CVSS3

8.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

22.3%

JSON

logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction.

OSVersionArchitecturePackageVersionFilename
Debian12alllogiops<= 0.3.1-1logiops_0.3.1-1_all.deb
Debian999alllogiops<= 0.3.4-1logiops_0.3.4-1_all.deb
Debian13alllogiops<= 0.3.4-1logiops_0.3.4-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	logiops	<= 0.3.1-1	logiops_0.3.1-1_all.deb
Debian	999	all	logiops	<= 0.3.4-1	logiops_0.3.4-1_all.deb
Debian	13	all	logiops	<= 0.3.4-1	logiops_0.3.4-1_all.deb

CVSS3

8.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

22.3%

JSON

Related for DEBIANCVE:CVE-2024-45752