A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
References
Configurations
History
07 Jan 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 03:41
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
03 Jun 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* | |
First Time |
Netapp
Netapp ontap Select Deploy Administration Utility |
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220331-0002/ - Third Party Advisory |
31 Mar 2022, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Mar 2022, 17:22
Type | Values Removed | Values Added |
---|---|---|
First Time |
Kernel util-linux
Kernel |
|
CVSS |
v2 : v3 : |
v2 : 1.9
v3 : 5.5 |
CWE | CWE-209 | |
CPE | cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:* | |
References | (MISC) https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u - Mailing List, Patch, Vendor Advisory |
21 Feb 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. |
21 Feb 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-21 19:15
Updated : 2024-01-07 09:15
NVD link : CVE-2022-0563
Mitre link : CVE-2022-0563
CVE.ORG link : CVE-2022-0563
JSON object : View
Products Affected
netapp
- ontap_select_deploy_administration_utility
kernel
- util-linux
CWE
CWE-209
Generation of Error Message Containing Sensitive Information