ID de Prueba:	1.3.6.1.4.1.25623.1.0.117817
Categoría:	Privilege escalation
Título:	Collabora CODE / Collabora Online < 4.2.13 / 5.x < 6.4.3 Privilege Escalation Vulnerability
Resumen:	'loolforkit' as used in Collabora CODE (Collabora Online; Development Edition) and Collabora Online is prone to a privilege escalation vulnerability.
Descripción:	Summary: 'loolforkit' as used in Collabora CODE (Collabora Online Development Edition) and Collabora Online is prone to a privilege escalation vulnerability. Vulnerability Insight: 'loolforkit' is a privileged program that is supposed to be run by a special, non-privileged 'lool' user. Before doing anything else 'loolforkit' checks, if it was invoked by the 'lool' user, and refuses to run with privileges, if it's not the case. In the vulnerable version of 'loolforkit' this check was wrong, so a normal user could start 'loolforkit' and eventually get local root privileges. Affected Software/OS: Collabora CODE / Collabora Online versions prior to 4.2.13 and 5.x/6.x prior to 6.4.3. Solution: Update to version 4.2.13, 6.4.3 or later. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-25630 https://github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68v https://www.openwall.com/lists/oss-security/2021/01/18/3
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.