Описание
The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 1:1.0.4-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [1:1.0.4-0ubuntu1]] |
| hardy | DNE | |
| jaunty | DNE | |
| karmic | DNE | |
| lucid | ignored | end of life |
| maverick | ignored | end of life |
| natty | ignored | end of life |
| oneiric | ignored | end of life |
Показывать по
Ссылки на источники
EPSS
6.9 Medium
CVSS2
Связанные уязвимости
The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents ...
The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
ELSA-2011-1000: rgmanager security, bug fix, and enhancement update (LOW)
EPSS
6.9 Medium
CVSS2