PT-2023-21593 · Kdab+1 · Kdab Hotspot+1

Matthias Gerstner

Publicado

2023-03-14

Atualizado

2024-06-15

CVE-2023-28144

CVSS v3.1

7.0

Alta

Vetor

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions KDAB Hotspot versions 1.3.x through 1.4.1

Description The issue allows privilege escalation due to race conditions involving symlinks and elevate perf privileges.sh chown calls, specifically in non-default configurations.

Recommendations For versions 1.3.x through 1.4.1, consider restricting access to the elevate perf privileges.sh script until a patch is available. As a temporary workaround, avoid using the chown calls in the elevate perf privileges.sh script to minimize the risk of exploitation. Restrict the creation of symlinks to prevent potential privilege escalation.

Exploit

Correção

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

CVE-2023-28144

OPENSUSE-SU-2024:12782-1

Produtos afetados

Debian

Kdab Hotspot

PT-2023-21593 · Kdab+1 · Kdab Hotspot+1

CVE-2023-28144

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 17