Navigation
Search
|
Below: local privilege escalation (SUSE security team blog)
Wednesday March 12, 2025. 03:47 PM , from LWN.net
The SUSE Security Team blog has a post with a
detailed analysis of a vulnerability (CVE-2025-27591) in the below tool for recording and displaying system data. In January 2025, Below was packaged and submitted to openSUSE Tumbleweed. Below runs as a systemd service with root privileges. The SUSE security team monitors additions and changes to systemd service unit files in openSUSE Tumbleweed, and through this we noticed problematic log directory permissions applied in Below's code.
https://lwn.net/Articles/1013842/
Related News |
25 sources
Current Date
Mar, Fri 14 - 14:30 CET
|