CVE-2023-31871

CVE-2023-31871

OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dm_secure_writer. The binary has security controls in place preventing creation of a file in a non-owned directory, or as the root user. However, these controls can be carefully bypassed to allow for an arbitrary file write as root.

Source: CVE-2023-31871

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다