VYPR
Unrated severityNVD Advisory· Published Jan 9, 2020· Updated Aug 5, 2024

CVE-2019-20373

CVE-2019-20373

Description

LTSP LDM through 2.18.06 allows fat-client root access because the LDM_USERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script.

Affected products

2
  • LTSP/LDMdescription
  • Ltsp/ldmllm-fuzzy
    Range: <=2.18.06

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.