PT-2018-9581 · Unknown · Log-User-Session

Published: 2018-12-20 · Updated: 2020-06-24 · CVE-2018-1000857

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

log-user-session versions 0.7 and earlier

Description

A directory traversal vulnerability in the main SUID binary /usr/local/bin/log-user-session can potentially result in user-to-root privilege escalation. It can be exploited by a malicious unprivileged user executing the vulnerable binary, or through environment variable manipulation, with similarities to Shellshock.

Recommendations

For log-user-session versions 0.7 and earlier, consider restricting access to the /usr/local/bin/log-user-session binary until a patch is available. As a temporary workaround, avoid using environment variables that could be manipulated to exploit the vulnerability.

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2018-1000857

Affected Products

Log-User-Session