Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.
References
Link | Resource |
---|---|
https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=6ca381c1247c81f74e1ca4e7706f70bdda72e6f2 | Not Applicable |
https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f387e87091c25e7d5b8c2bb348bb206 | Not Applicable |
https://github.com/adamreiser/dmiwrite | Exploit Third Party Advisory |
https://lists.nongnu.org/archive/html/dmidecode-devel/2023-03/msg00003.html | Mailing List Patch Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-04-13T00:00:00
Updated: 2023-04-13T00:00:00
Reserved: 2023-04-13T00:00:00
Link: CVE-2023-30630
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-04-13T16:15:07.930
Modified: 2023-09-28T17:54:17.707
Link: CVE-2023-30630
JSON object: View
Redhat Information
No data.
CWE