PT-2005-4387 · Red Hat · Red Hat

Published: 2005-12-31 · Updated: 2017-10-11 · CVE-2005-3629

CVSS v2.0: 7.2 High

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Red Hat Enterprise Linux version 4

Description

The issue is related to the handling of certain environment variables by initscripts when /sbin/service is executed. This can be exploited by local users with sudo permissions for /sbin/service to gain root privileges.

Recommendations

For Red Hat Enterprise Linux version 4, consider restricting sudo permissions for /sbin/service to minimize the risk of exploitation. As a temporary workaround, review and secure environment variables that may be used by /sbin/service until a more permanent solution is available.
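
One way to carry out the review recommended above, as an added example that is not part of the advisory: a small audit that lists sudoers rules granting /sbin/service and reports the environment-related settings around them. It assumes the standard sudoers options `env_reset`, `env_keep` and the `SETENV:` tag; the sample file, user names and alias name are constructed, and rules that grant `ALL` commands are not reported.

```python
import re

# Command named in the advisory; the lookbehind avoids matching /usr/sbin/service.
TARGET_RE = re.compile(r"(?<![\w/])/sbin/service\b")

# Constructed sudoers fragment (users and alias name are made up for the example).
SAMPLE = """\
Defaults    !env_reset
Defaults    env_keep += "LANG PATH"
Cmnd_Alias  SVC = /sbin/service
alice   ALL=(root) NOPASSWD: /sbin/service
bob     ALL=(root) SETENV: SVC
carol   ALL=(root) /usr/bin/less /var/log/messages
"""

def audit_sudoers(text):
    """Return (findings, env_reset_on, env_keep) for rules that grant /sbin/service."""
    # Join backslash-continued lines, then drop blanks and comments.
    lines = [l.strip() for l in text.replace("\\\n", " ").splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    # First pass: command aliases that expand to the target command.
    aliases = set()
    for line in lines:
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.*)", line)
        if m and TARGET_RE.search(m.group(2)):
            aliases.add(m.group(1))
    env_reset_on, env_keep, findings = True, [], []  # assumption: env_reset defaults to on
    for line in lines:
        if line.startswith("Defaults"):
            if re.search(r"!\s*env_reset\b", line):
                env_reset_on = False  # scoped Defaults are treated as global (conservative)
            m = re.search(r'env_keep\s*\+?=\s*"([^"]*)"', line)
            if m:
                env_keep.extend(m.group(1).split())
            continue
        if re.match(r"\w+_Alias\b", line):
            continue
        # User specification: who host = (runas) TAG: command, ...
        m = re.match(r"(\S+)\s+\S+\s*=\s*(.*)", line)
        if not m:
            continue
        spec = m.group(2)
        if TARGET_RE.search(spec) or any(re.search(rf"\b{a}\b", spec) for a in aliases):
            findings.append({"who": m.group(1),
                             "setenv": bool(re.search(r"(?<!NO)SETENV:", spec)),
                             "nopasswd": "NOPASSWD:" in spec})
    return findings, env_reset_on, env_keep

if __name__ == "__main__":
    print(audit_sudoers(SAMPLE))
```

Each finding is a rule to reconsider under the recommendation; a disabled `env_reset`, a non-empty `env_keep` or a `SETENV:` tag on such a rule means the caller's environment can reach /sbin/service.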


Related Identifiers

CVE-2005-3629
RHSA-2006:0015
RHSA-2006:0016
RHSA-2006_0016

Affected Products

Red Hat