Two critical local information-disclosure vulnerabilities affect millions of Linux systems worldwide, potentially allowing attackers to extract sensitive password data through core dump manipulation.
Skimming through the Qualys report, it seems that the attacker would already need access to the device first, to be able to crash the processes and then collect the hashes, so I’d say this vulnerability appears to need chaining with other(s)?