Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4532

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2005-4532
Last Modified 05 Sep 2008 04:57:08
Published 27 Dec 2005 08:03:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-4532

Summary

scponlyc in scponly 4.1 and earlier, when the operating system supports LD_PRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LD_PRELOAD to modify expected function calls in the setuid application.

Vulnerable Systems

Application

  • Scponly 3.1

  • Scponly 3.11

  • Scponly 3.2

  • Scponly 3.3

  • Scponly 3.4

  • Scponly 3.6

  • Scponly 3.7

  • Scponly 3.8

  • Scponly 3.9

  • Scponly 4.0

  • Scponly 4.1


References

SECUNIA - 18223

CONFIRM - http://sublimation.org/scponly/#relnotes

XF - scponly-scponlyc-privilege-escalation(23874)

BID - 16051

GENTOO - GLSA-200512-17

DEBIAN - DSA-969

SECUNIA - 18829

SECUNIA - 18236


Last Updated: 27 May 2016 10:41:20