Описание
The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | rgmanager | Affected | ||
| CLuster Suite for RHEL 4 | rgmanager | Fixed | RHSA-2011:0264 | 16.02.2011 |
| Red Hat Enterprise Linux 5 | rgmanager | Fixed | RHSA-2011:1000 | 21.07.2011 |
| Red Hat Enterprise Linux 6 | resource-agents | Fixed | RHSA-2011:1580 | 05.12.2011 |
Показывать по
Дополнительная информация
Статус:
3.7 Low
CVSS2
Связанные уязвимости
The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents ...
The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
ELSA-2011-1000: rgmanager security, bug fix, and enhancement update (LOW)
3.7 Low
CVSS2