Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.2
CVE Id CVE-2000-1009
Last Modified 05 Sep 2008 04:22:25
Published 11 Dec 2000 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2000-1009

Summary

dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environment variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.

Vulnerable Systems

Operating System

  • Red Hat Linux 6.2
  • Trustix Secure Linux 1.1


References

BID - 1871

XF - linux-dump-execute-code

BUGTRAQ - 20001030 Redhat 6.2 dump command executes external program with suid priviledge.


Last Updated: 27 May 2016 10:35:58