PT-2021-23841 · Gnu Hurd · Gnu Hurd

Sergey Bugaev · Published 2021-11-07 · Updated 2023-08-08 · CVE-2021-43414

CVSS v3.1: 7.0 High

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: GNU Hurd versions prior to 0.9 20210404-9
Description: An issue in the authentication protocol used by the proc server makes it vulnerable to man-in-the-middle attacks. This can be exploited for local privilege escalation, allowing attackers to gain full root access.
Recommendations: For versions prior to 0.9 20210404-9, update to version 0.9 20210404-9 or later to resolve the issue.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers: CVE-2021-43414

Affected Products: Gnu Hurd