Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1656

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2006-1656
Last Modified 05 Sep 2008 05:02:29
Published 06 Apr 2006 06:04:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-1656

Summary

vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root.

Vulnerable Systems

Application

  • Util-vserver 0.30.209

  • Util-vserver 0.30.210


References

BID - 17361

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360438

CONFIRM - https://savannah.nongnu.org/patch/?func=detailitem&item_id=4966

MISC - https://savannah.nongnu.org/bugs/?func=detailitem&item_id=15996


Last Updated: 27 May 2016 10:42:09