CVE-2021-25630

CVE-2021-25630

"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it’s not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges.

Source: CVE-2021-25630

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다