Description
For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session.
CVSS breakdown
CVSS 4.0
Attack Vector
Local
Attack Complexity
Low
Attack Requirements
Present
Privileges Required
Low
User Interaction
Passive
Confidentiality (Vulnerable System)
High
Integrity (Vulnerable System)
High
Availability (Vulnerable System)
None
Confidentiality (Subsequent System)
None
Integrity (Subsequent System)
None
Availability (Subsequent System)
None
CVSS 3.1
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Affected products
- SUSE / SUSE Linux Enterprise Desktop 15 SP6? – 4.6.2-150000.5.8.1
- SUSE / SUSE Linux Enterprise High Performance Computing 15 SP6? – 4.6.2-150000.5.8.1
- SUSE / SUSE Linux Enterprise Micro 5.3? – 4.6.2-150000.5.8.1
- SUSE / SUSE Linux Enterprise Micro 5.4? – 4.6.2-150000.5.8.1
- SUSE / SUSE Linux Enterprise Micro 5.5? – 4.6.2-150000.5.8.1
- SUSE / SUSE Linux Enterprise Module for Basesystem 15 SP6? – 4.6.2-150000.5.8.1
- SUSE / SUSE Linux Enterprise Server 15 SP6? – 4.6.2-150000.5.8.1
- SUSE / SUSE Linux Enterprise Server for SAP Applications 15 SP6? – 4.6.2-150000.5.8.1