[原文]The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.
SETI@home Insecure File Ownership Local Privilege Escalation
Local Access Required
Loss of Integrity
SETI@home contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the init script executes the SETI@home files with root privileges, which may the user who executes the file to gain root privileges. This flaw may lead to a loss of integrity.
Upgrade to version 3.08-r4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.