Subj : Below: local privilege escalation (SUSE security team blog)
To   : All
From : LWN.net
Date : Wed Mar 12 2025 15:00:08

Below: local privilege escalation (SUSE security team blog)

Date:
Wed, 12 Mar 2025 14:47:20 +0000

Description:
The SUSE Security Team blog has a post with a
detailed analysis of a vulnerability ( CVE-2025-27591 )
in the below tool for recording and displaying system data. In January 2025, 
Below was packaged and submitted to openSUSE
Tumbleweed. Below runs as a systemd service with root privileges. The
SUSE security team monitors additions and changes to systemd service
unit files in openSUSE Tumbleweed, and through this we noticed
problematic log directory permissions applied in Below's code.

======================================================================
Link to news story:
https://lwn.net/Articles/1013842/


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)

.