PT-2020-16908 · Prolion · Prolinos
Published 2020-11-01 · Updated 2020-11-19 · CVE-2020-28045
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ProlinOS versions through 2.4.161.8859R
Description
A security issue was found in the way ProlinOS handles unsigned libraries. The operating system requires applications and system binaries to be signed, but shared libraries do not need to be signed and are not verified. This allows an attacker to execute a custom binary by compiling it as a shared object and loading it via LD_PRELOAD.
Recommendations
For ProlinOS versions through 2.4.161.8859R, consider restricting the use of LD_PRELOAD to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid loading custom shared objects to prevent potential attacks.
Exploit
Fix
Improper Verification of Cryptographic Signature
Weakness Enumeration
Related Identifiers
Affected Products
Prolinos
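One way to audit a device for the condition the Recommendations describe, as an added example that is not part of the advisory or any vendor code: it lists processes started with LD_PRELOAD set and, going beyond the advisory, libraries named in the dynamic linker's global preload file. It assumes a Linux-style /proc and a glibc-style /etc/ld.so.preload; the function names are hypothetical and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not vendor code). Assumes a Linux-style procfs and a
# glibc-style global preload file; function names are hypothetical.

# Print "<pid> <value>" for each process whose environment sets LD_PRELOAD.
# $1: procfs root (default /proc)
scan_proc_preload() {
    root=${1:-/proc}
    for env in "$root"/[0-9]*/environ; do
        [ -r "$env" ] || continue        # unreadable or already exited
        pid=${env%/environ}; pid=${pid##*/}
        # environ is NUL-separated: one VAR=value per line after tr
        tr '\0' '\n' < "$env" |
            sed -n "s/^LD_PRELOAD=\(..*\)\$/$pid \1/p"
    done
}

# Print every library named in the global preload file, one per line.
# $1: file path (default /etc/ld.so.preload)
scan_global_preload() {
    file=${1:-/etc/ld.so.preload}
    [ -r "$file" ] || return 0
    # strip comments, split on space, colon and tab, drop blank lines
    sed 's/#.*//' "$file" | tr ' :\t' '\n\n\n' | sed '/^$/d'
}

# Report all findings; return 1 if anything is preloaded, 0 if clean.
audit_preload() {
    report=$(
        scan_proc_preload "$1" | sed 's/^/env /'
        scan_global_preload "$2" | sed 's/^/global /'
    )
    [ -n "$report" ] || return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample: a fake procfs with one clean and one preloading process.
demo=$(mktemp -d)
mkdir -p "$demo/proc/101" "$demo/proc/202"
printf 'PATH=/bin\0HOME=/\0' > "$demo/proc/101/environ"
printf 'PATH=/bin\0LD_PRELOAD=/data/app/libhook.so\0' > "$demo/proc/202/environ"
printf '# constructed\n/usr/lib/libtrusted.so\n' > "$demo/ld.so.preload"
audit_preload "$demo/proc" "$demo/ld.so.preload" || echo "preload in use"
rm -rf "$demo"
```

Called with no arguments, `audit_preload` reads the live /proc and /etc/ld.so.preload; it only sees processes whose environ the calling user is allowed to read.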