The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.00405Percentile:
0.60159
CVSS Scoring
CVSS v3.1 Score: 5.5
Severity: MEDIUM
Mapped CWE(s)
CWE-276
: Incorrect Default Permissions
All CAPEC(s)
CAPEC-1 : Accessing Functionality Not Properly Constrained by ACLs
CAPEC-127 : Directory Indexing
CAPEC-81 : Web Server Logs Tampering
CAPEC(s) with Mapped TTPs
CAPEC-1 : Accessing Functionality Not Properly Constrained by ACLs
Mapped TTPs:
T1574.010
: Services File Permissions Weakness
CAPEC-127 : Directory Indexing
Mapped TTPs:
T1083
: File and Directory Discovery
Mapped ATT&CK TTPs
T1574.010
: Services File Permissions Weakness
Kill Chain: persistence
T1083
: File and Directory Discovery
Kill Chain: discovery
Malware
APTs Threat Group Associations
Campaigns
Operation Wocao SolarWinds Compromise Operation CuckooBees Operation Honeybee Operation Dream Job C0015 Night Dragon KV Botnet Activity
Affected Products
cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me