Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2006-0576

Опубликовано: 07 фев. 2006
Источник: redhat

Описание

Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability.

Отчет

Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 3 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207347 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue was fixed for Red Hat Enterprise Linux 4 in the following errata: http://rhn.redhat.com/errata/RHEA-2006-0355.html This issue does not affect Red Hat Enterprise Linux 2

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=1618011security flaw

Связанные уязвимости

ubuntu логотип

CVE-2006-0576

ubuntu
больше 19 лет назад

Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability.

nvd логотип

CVE-2006-0576

nvd
больше 19 лет назад

Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability.

debian логотип

CVE-2006-0576

debian
больше 19 лет назад

Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and ...

github логотип

GHSA-9xvh-2qpv-m4fg

github
больше 3 лет назад

Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability.