The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsThere is no fixed version for github.com/ubuntu/authd/internal/services/nss
.
github.com/ubuntu/authd/internal/services/nss is an implementation of the NSS gRPC service protocol
Affected versions of this package are vulnerable to Incorrect User Management in users/manager.go
and nss.go
, which implement GenerateID()
for UIDs and GIDs. This function is prone to collisions and can be attacked by offline brute forcing of UIDs to impersonate a legitimate user and escalate privileges.
Note:
This vulnerability was mitigated in version 0.3.6 by making the UID/GID
ranges configurable, so administrators can make sure that the ranges don't overlap with the ranges used by other system components. Even if this responsibility was moved to administrators, the default range is still 1000000000-1999999999
and if it is not changed, a Generated UID can still be used by another user on the system.