Skip to main content

Hesiod

2 CVEs product

Monthly

CVE-2016-10152 CRITICAL PATCH Act Now

The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Hesiod
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2016-10151 HIGH PATCH This Week

The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via. Rated high severity (CVSS 7.0).

Privilege Escalation Hesiod
NVD GitHub
CVSS 3.0
7.0
EPSS
0.1%
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Hesiod
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via. Rated high severity (CVSS 7.0).

Privilege Escalation Hesiod
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy