PT-2005-4387 · Red Hat · Red Hat

Publicado

2005-12-31

Atualizado

2017-10-11

CVE-2005-3629

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Red Hat Enterprise Linux version 4

Description The issue is related to the handling of certain environment variables by initscripts when /sbin/service is executed. This can be exploited by local users with sudo permissions for /sbin/service to gain root privileges.

Recommendations For Red Hat Enterprise Linux version 4, consider restricting sudo permissions for /sbin/service to minimize the risk of exploitation. As a temporary workaround, review and secure environment variables that may be used by /sbin/service until a more permanent solution is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2005-3629

RHSA-2006:0015

RHSA-2006:0016

RHSA-2006_0016

Produtos afetados

Red Hat

PT-2005-4387 · Red Hat · Red Hat

CVE-2005-3629

Identificadores relacionados

Produtos afetados

Referências · 12