CVE-2015-0794
First published: Thu Nov 19 2015(Updated: )
modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dracut | <037-17.30.1 | |
| SUSE Linux | =13.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0794?
CVE-2015-0794 has a moderate severity rating due to its potential for local user exploitation through a symlink attack.
How do I fix CVE-2015-0794?
To fix CVE-2015-0794, update the dracut package to version 037-17.30.1 or later.
What does CVE-2015-0794 affect?
CVE-2015-0794 affects the dracut package in openSUSE 13.2 prior to version 037-17.30.1.
Can CVE-2015-0794 be exploited by remote attackers?
CVE-2015-0794 is not exploitable by remote attackers as it requires local access to the system.
What is a symlink attack in the context of CVE-2015-0794?
A symlink attack in CVE-2015-0794 involves creating a symbolic link to manipulate file access, potentially leading to unauthorized actions.
- agent/type
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dracut project
- canonical/dracut
- vendor/opensuse
- canonical/suse linux
- version/suse linux/13.2