CVE-2024-6714 – Ubuntu Security Notice USN-6912-1

https://notcve.org/view.php?id=CVE-2024-6714

23 Jul 2024 — An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege. Se descubrió un problema en provd anterior a la versión 0.1.5 con un binario setuid, que permite a un atacante local escalar sus privilegios. James Henstridge discovered that provd incorrectly handled environment variables. A local attacker could possibly use this issue to run arbitrary programs and escalate privileges. • https://bugs.launchpad.net/ubuntu/+source/provd/+bug/2071574 • CWE-73: External Control of File Name or Path •