Note:
This project will be discontinued after December 13, 2021. [more]
2019-10-09
Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable.
| Products | Nix |
| Type | Incorrect Default Permissions (CWE-276) |
| First patch | - None (likely due to unavailable code) |
| Links |
• http://www.openwall.com/lists/oss-security/2019/10/17/3
• http://www.openwall.com/lists/oss-security/2019/10/09/4 • http://www.openwall.com/lists/oss-security/2019/10/10/1 |