Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3693

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2006-3693
Last Modified 07 Mar 2011 09:39:14
Published 21 Jul 2006 10:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-3693

Summary

Rocks Clusters 4.1 and earlier allows local users to gain privileges via commands enclosed with escaped backticks (\`) in an argument to the (1) mount-loop (mount-loop.c) or (2) umount-loop (umount-loop.c) command, which is not filtered in a system function call.

Vulnerable Systems

Application

  • Rocks Clusters 4.1


References

BID - 19003

SECUNIA - 21065

XF - rocks-mount-umount-privilege-escalation(27758)

MISC - http://xavier.tigerteam.se/exploits/rocksumountdirty.py

MISC - http://xavier.tigerteam.se/exploits/rocksmountdirty.sh

MISC - http://xavier.tigerteam.se/advisories/TSEAD-200606-6.txt

VUPEN - ADV-2006-2833

BUGTRAQ - 20060714 Rocks Clusters <=4.1 local root

SREASON - 1242


Last Updated: 27 May 2016 10:43:06