Description
The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.
References (2)
Core 2
Core References
Various Sources mailing-list
x_refsource_mlist
http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html
Scores
CVSS v3
7.8
EPSS
0.0003
EPSS Percentile
8.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (3)
novell/suse_linux_enterprise_desktop
12.0 sp1
novell/suse_linux_enterprise_server
12.0 sp1
opensuse/leap
42.1
Published
Sep 08, 2017
Tracked Since
Feb 18, 2026