Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.2
CVE Id CVE-2006-0228
Last Modified 07 Mar 2011 09:29:36
Published 17 Jan 2006 04:03:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-0228

Summary

The RBAC functionality in grsecurity before 2.1.8 does not properly handle the case in which the admin role creates a service and then exits the shell without unauthenticating, which causes the service to be restarted with the admin role still active.

Vulnerable Systems

Application

  • Grsecurity Kernel Patch 2.0.1

  • Grsecurity Kernel Patch 2.0.2

  • Grsecurity Kernel Patch 2.1.0

  • Grsecurity Kernel Patch 2.1.1

  • Grsecurity Kernel Patch 2.1.2

  • Grsecurity Kernel Patch 2.1.3

  • Grsecurity Kernel Patch 2.1.4

  • Grsecurity Kernel Patch 2.1.5

  • Grsecurity Kernel Patch 2.1.6

  • Grsecurity Kernel Patch 2.1.7


References

BID - 16261

SECUNIA - 18458

VUPEN - ADV-2006-0199

CONFIRM - http://www.grsecurity.org/news.php#grsec218

XF - grsecurity-rbac-admin-privileges(24156)


Last Updated: 27 May 2016 10:41:35