A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a…
fedora·CWE-367·Published 2022-09-21
A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.
A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.
Se ha encontrado una vulnerabilidad de condición de carrera de tiempo de comprobación (TOCTOU) en networkd-dispatcher. Este fallo se presenta porque hay un determinado tiempo entre que son detectados los scripts y son ejecutados. Un atacante puede abusar de esta vulnerabilidad para sustituir los scripts que networkd-dispatcher cree que son propiedad de root por otros que no lo son
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 4.7 | — | — | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N |
| 3.1 | Primary | NVD | 4.7 | 1.0 | 3.6 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N |
| 3.1 | Primary | cve.org | 4.7 | — | — | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N |
| 3.1 | Secondary | NVD | 4.7 | 1.0 | 3.6 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N |