Directory Traversal Vulnerability in log-user-session Version 0.7 and Earlier Allows User to Root Privilege Escalation

Directory Traversal Vulnerability in log-user-session Version 0.7 and Earlier Allows User to Root Privilege Escalation

CVE-2018-1000857 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

log-user-session version 0.7 and earlier contains a Directory Traversal vulnerability in Main SUID-binary /usr/local/bin/log-user-session that can result in User to root privilege escalation. This attack appear to be exploitable via Malicious unprivileged user executes the vulnerable binary/(remote) environment variable manipulation similar shell-shock also possible.

Learn more about our User Device Pen Test.