1 results (0.001 seconds)
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8659
https://notcve.org/view.php?id=CVE-2016-8659
Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket. Bubblewrap en versiones anteriores a 0.1.3 establece la bandera PR_SET_DUMPABLE, lo que podría permitir a usuarios locales obtener privilegios adjuntando al proceso, como se demuestra enviando comandos a un socket PrivSep. • http://www.openwall.com/lists/oss-security/2016/10/12/5 http://www.openwall.com/lists/oss-security/2016/10/13/4 http://www.securityfocus.com/bid/93542 https://github.com/projectatomic/bubblewrap/issues/107 • CWE-264: Permissions, Privileges, and Access Controls •