Skip to content

An unsigned-library issue was discovered in ProlinOS...

High severity Unreviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Jan 29, 2023

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of Sale application developer and distributor. The signature is a 2048-byte RSA signature verified in the kernel prior to ELF execution. Shared libraries, however, do not need to be signed, and they are not verified. An attacker may execute a custom binary by compiling it as a shared object and loading it via LD_PRELOAD.

References

Published by the National Vulnerability Database Nov 2, 2020
Published to the GitHub Advisory Database May 24, 2022
Last updated Jan 29, 2023

Severity

High

EPSS score

0.048%
(20th percentile)

Weaknesses

CVE ID

CVE-2020-28045

GHSA ID

GHSA-63pw-vhjp-v4v8

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.