uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R call.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Uptimed | Uptimed_project | * | 0.4.6 (excluding) |