Description
suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environment variable and calling suidperl with a filename that contains the escape sequence.
Report
This issue was fixed in the following products:
- Red Hat Linux 5.0 - RHSA-2000:048 (2000-08-07)
- Red Hat Linux 5.1 - RHSA-2000:048 (2000-08-07)
- Red Hat Linux 5.2 - RHSA-2000:048 (2000-08-07)
- Red Hat Linux 6.0 - RHSA-2000:048 (2000-08-07)
- Red Hat Linux 6.1 - RHSA-2000:048 (2000-08-07)
- Red Hat Linux 6.2 - RHSA-2000:048 (2000-08-07)