Home

CVE-2015-7442

Description

consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value.

Risk Information

Base Score
7.0
MODERATE
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.039

Associated Vulnerability

VulnerabilityOS Platform
Kernel-uek update (ELSA-2020-5913) kernel-uek-4.14.35-2025.402.2.1.el7uek.x86_64.rpmLinux
Kernel-uek-debug update (ELSA-2020-5913) kernel-uek-debug-4.14.35-2025.402.2.1.el7uek.x86_64.rpmLinux
Kernel-uek-debug-devel update (ELSA-2020-5913) kernel-uek-debug-devel-4.14.35-2025.402.2.1.el7uek.x86_64.rpmLinux
Kernel-uek-devel update (ELSA-2020-5913) kernel-uek-devel-4.14.35-2025.402.2.1.el7uek.x86_64.rpmLinux
Kernel-uek-tools update (ELSA-2020-5913) kernel-uek-tools-4.14.35-2025.402.2.1.el7uek.x86_64.rpmLinux
Kernel-uek-doc update (ELSA-2020-5913) kernel-uek-doc-4.14.35-2025.402.2.1.el7uek.noarch.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234