Vulnerability Description
remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eyrie | Remctl | < 3.14 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://git.eyrie.org/?p=kerberos/remctl.git%3Ba=commit%3Bh=86c7e44090c988112a37
- https://www.debian.org/security/2018/dsa-4159 (Third Party Advisory)
- https://www.eyrie.org/~eagle/software/remctl/security/2018-04-01.html (Vendor Advisory)
FAQ
What is CVE-2018-0493?
CVE-2018-0493 is a vulnerability with a CVSS score of 7.2 (HIGH). remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command...
How severe is CVE-2018-0493?
CVE-2018-0493 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-0493?
Check the references section above for vendor advisories and patch information. Affected products include: Eyrie Remctl, Debian Debian Linux.