This issue could result in the creation of new admin users if the "CREATOR OWNER" ACE is not set. A user with "CREATOR OWNER" ACE could add other users with "CREATOR OWNER" ACE, and then escalate privileges. An example of this issue can be seen by adding the following line to the "Platform/windows" ACL in "source/etc/pritunl.ini" file. [CREATOR OWNER] This issue has been assigned the CVE-2018-1057. Red Hat Enterprise Linux users are advised to upgrade to the latest version 4.15.5.1.jp1 of Pritunl.
Summary
The vulnerability CVE-2018-1057 could result in the creation of new admin users if the "CREATOR OWNER" ACE is not set. A user with "CREATOR OWNER" ACE could add other users with "CREATOR OWNER" ACE, and then escalate privileges. An example of this issue can be seen by adding the following line to the "Platform/windows" ACL in "source/etc/pritunl.ini" file. [CREATOR OWNER]
Pritunl Security Advisory: CVE-2022-25373
This issue could result in the disclosure of system secrets if the "CONFIDENTIAL" ACE is not set. A user with "CONFIDENTIAL" ACE can read and/or write to system secrets, including confidential data such as passwords, encryption keys, and other information that is considered secret. An example of this issue can be seen by adding the following line to the "Platform/windows" ACL in "source/etc/pritunl.ini" file. [CONFIDENTIAL] This issue has been assigned the CVE-2018-1057. Red Hat Enterprise Linux users are advised to upgrade to the latest version 4.15.5.1.jp1 of Pritunl.
References:
- https://www.redhat.com/archives/rhsa-announce/2018-March/msg00075.html
- https://access.redhat.com/security/cve/CVE-2018-1057
Software Description
Pritunl is a Perl script that can be used to administer Web servers in Red Hat Enterprise Linux. It includes functions for creating and managing users, setting up mailboxes and email forwarding and reading from file system to create users, adding groups, editing groups, changing user and group ACLs.
The importance of digital marketing: 6 reasons why digital marketing is important
Digital marketing is one of the most effective ways for small businesses to reach new customers. Through these methods, you can directly target your audience with more precision than traditional methods such as print advertisements or TV commercials. With this approach, you can also ensure that your ads are reaching only those people who are most relevant to your business, increasing their likelihood of conversion.
CVE-2023-25373
This issue could result in the creation of new admin users if the "CREATOR OWNER" ACE is not set. A user with "CREATOR OWNER" ACE could add other users with "CREATOR OWNER" ACE, and then escalate privileges. An example of this issue can be seen by adding the following line to the "Platform/windows" ACL in "source/etc/pritunl.ini" file. [CREATOR OWNER] This issue has been assigned the CVE-2018-1057. Red Hat Enterprise Linux users are advised to upgrade to the latest version 4.15.5.1.jp1 of Pritunl.
Timeline
Published on: 02/20/2022 20:15:00 UTC
Last modified on: 04/27/2022 17:04:00 UTC
References
- https://github.com/pritunl/pritunl-client-electron/commit/e16d47437f8ef62546aa00edb0d64be2a7d2205b
- https://github.com/pritunl/pritunl-client-electron/blob/caa78d626198b6961f3f39eca2acd39064c2df96/CHANGES#L6
- https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25372