CVE-2018-1000857

HIGH

log-user-session <0.7 - Path Traversal

Title source: llm
STIX 2.1

Description

log-user-session version 0.7 and earlier contains a Directory Traversal vulnerability in Main SUID-binary /usr/local/bin/log-user-session that can result in User to root privilege escalation. This attack appear to be exploitable via Malicious unprivileged user executes the vulnerable binary/(remote) environment variable manipulation similar shell-shock also possible.

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.0325
EPSS Percentile 86.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (1)
open-systems/log-user-session < 0.7
Published Dec 20, 2018
Tracked Since Feb 18, 2026