vulnerability
CentOS Linux: CVE-2018-1079: Important: pcs security update (CESA-2018:1060)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:P/A:N) | Apr 10, 2018 | Jun 1, 2018 | May 25, 2023 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:N/I:P/A:N)
Published
Apr 10, 2018
Added
Jun 1, 2018
Modified
May 25, 2023
Description
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.
Solution(s)
centos-upgrade-pcscentos-upgrade-pcs-debuginfocentos-upgrade-pcs-snmp
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.