Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.
References
Link | Resource |
---|---|
https://m4.rkw.io/blog/cve201715918-sera-12-local-root-privesc-and-password-disclosure.html | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/43221/ | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-11-01T17:00:00
Updated: 2017-12-19T10:57:01
Reserved: 2017-10-26T00:00:00
Link: CVE-2017-15918
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-11-01T17:29:00.353
Modified: 2019-10-03T00:03:26.223
Link: CVE-2017-15918
JSON object: View
Redhat Information
No data.
CWE