Vulnerability Details CVE-2018-1000857
log-user-session version 0.7 and earlier contains a Directory Traversal vulnerability in Main SUID-binary /usr/local/bin/log-user-session that can result in User to root privilege escalation. This attack appear to be exploitable via Malicious unprivileged user executes the vulnerable binary/(remote) environment variable manipulation similar shell-shock also possible.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
Products affected by CVE-2018-1000857
-
cpe:2.3:a:open-systems:log-user-session:0.1
-
cpe:2.3:a:open-systems:log-user-session:0.2
-
cpe:2.3:a:open-systems:log-user-session:0.3
-
cpe:2.3:a:open-systems:log-user-session:0.4
-
cpe:2.3:a:open-systems:log-user-session:0.5
-
cpe:2.3:a:open-systems:log-user-session:0.6
-
cpe:2.3:a:open-systems:log-user-session:0.7