6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
9.1%
An issue was discovered in hwclock.13-v2.27 allows attackers to gain
escalated privlidges or execute arbitrary commands via the path parameter
when setting the date.
Author | Note |
---|---|
Priority reason: Non-default and improbable configuration | |
mdeslaur | This is only an issue when hwclock was modified by the administrator to be setuid root, which should never be done. Ubuntu packages are not shipped with the setuid bit set. To prevent misconfiguration, version 2.27 now prevent it from being run setuid. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | util-linux | < any | UNKNOWN |