CVE-2004-0850

Name of the Vulnerable Software and Affected Versions: Star versions prior to 1.5 alpha46

Description: The issue allows local users to potentially gain privileges by modifying the RSH environment variable to reference a malicious program, due to the software not dropping the effective user ID (euid) before calling external programs.

Recommendations: For versions prior to 1.5 alpha46, consider dropping the effective user ID (euid) before calling external programs to prevent privilege escalation. As a temporary workaround, restrict access to modifying the RSH environment variable to minimize the risk of exploitation.