Unsigned Library Vulnerability in ProlinOS by Prolin Technologies
CVE-2020-28045

7.8 HIGH

Key Information:

Vendor: Pax

Status
Vendor
CVE Published: 2 November 2020

What is CVE-2020-28045?

ProlinOS does not verify signatures on shared libraries, which lets an attacker bypass its code-signing controls. The operating system requires installed applications and system binaries to be signed, but shared libraries are loaded without any signature verification. An attacker can therefore load a malicious shared object via the LD_PRELOAD mechanism, leading to the execution of unauthorized binaries within the system environment.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
