PT-2022-17430 · Seatd+1 · Seatd+1

Kenny Levinsen

Published

2022-02-22

Updated

2024-06-15

CVE-2022-25643

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions seatd versions 0.6.x through 0.6.3

Description The issue allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.

Recommendations For seatd versions 0.6.x through 0.6.3, update to version 0.6.4 or later to resolve the issue. As a temporary workaround, consider removing the setuid root installation to minimize the risk of exploitation. Restrict access to the seatd-launch component to prevent unauthorized file removal until the issue is resolved.

Fix

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-668

Related Identifiers

ALT-PU-2022-2287

CVE-2022-25643

OPENSUSE-SU-2024:11875-1

Affected Products

Alt Linux

Seatd

PT-2022-17430 · Seatd+1 · Seatd+1

CVE-2022-25643

Weakness Enumeration

Related Identifiers

Affected Products

References · 15