CVE-2020-8250: Privilege Escalation via Command Injection in Pulse Secure VPN Linux Client
CVE-2020-8250: Privilege Escalation via Command Injection in Pulse Secure VPN Linux Client The root SUID executable pulsesvc, has a function “do_upload” that unsafely passes the “HOME” environmental variable to “system()” By altering the “HOME” variable to contain special shell characters (Ex: “``” or “$()&rdquo