Unrated severityNVD Advisory· Published Jan 9, 2020· Updated Aug 5, 2024
CVE-2019-20373
CVE-2019-20373
Description
LTSP LDM through 2.18.06 allows fat-client root access because the LDM_USERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script.
Affected products
2- LTSP/LDMdescription
Patches
Vulnerability mechanics
References
3- www.debian.org/security/2020/dsa-4601mitrevendor-advisoryx_refsource_DEBIAN
- git.launchpad.net/~ltsp-upstream/ltsp/+git/ldm/commit/mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2020/01/msg00007.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.