CVE-2020-8248: Privilege Escalation via Zip Wildcard Exploit in Pulse Secure VPN Linux Client
CVE-2020-8248: Privilege Escalation via Zip Wildcard Exploit in Pulse Secure VPN Linux Client The root SUID executable pulsesvc, has a function “do_upload” that unsafely calls a zip command with wildcards (“*”) By writing files with specifically crafted names, in a user- controlled folder (“~/pulse_secure/pulse/”), an attacker can abuse the