PT-2006-4559 · Rocks · Rocks Clusters

Xavier De Leon · Published 2006-07-19 · Updated 2018-10-18 · CVE-2006-3693

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Rocks Clusters versions 4.1 and earlier

Description

The issue allows local users to gain privileges via commands enclosed with escaped backticks (``) in an argument to the (1) mount-loop or (2) umount-loop command. This is possible because the input is not properly filtered in a system function call, specifically in the mount-loop.c and umount-loop.c files.

Recommendations

For versions 4.1 and earlier, consider restricting the use of the mount-loop and umount-loop commands until a proper fix is applied, and ensure that all system function calls properly filter input to prevent privilege escalation.
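
One way to implement the input handling this recommendation calls for, as an added example that is not Rocks Clusters code: each argument is checked against a character allowlist and then handed to execv() as its own argv element, so no shell ever parses it. The function names, the /bin/mount path and the sample paths are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical allowlist check (not from mount-loop.c): accept only an absolute
   path made of [A-Za-z0-9._/-] with no ".." component. Backticks, $, ;, |,
   quotes and whitespace all fail the strspn() test. */
int is_safe_path_arg(const char *s)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._/-";
    size_t n;
    const char *p;

    if (s == NULL || s[0] != '/')
        return 0;
    n = strlen(s);
    if (n >= 4096 || strspn(s, ok) != n)
        return 0;
    for (p = s; (p = strstr(p, "..")) != NULL; p += 2)
        if (p[-1] == '/' && (p[2] == '/' || p[2] == '\0'))
            return 0;   /* ".." as a whole path component */
    return 1;
}

/* Build argv for execv("/bin/mount", (char *const *)argv). Each value is one
   argv element, so no shell is involved. Returns 0, or -1 on a rejected value. */
int build_mount_argv(const char *image, const char *dir, const char *argv[6])
{
    if (!is_safe_path_arg(image) || !is_safe_path_arg(dir))
        return -1;
    argv[0] = "mount"; argv[1] = "-o"; argv[2] = "loop";
    argv[3] = image;   argv[4] = dir;  argv[5] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample arguments, not taken from the advisory. */
    const char *samples[] = { "/export/images/disk1.iso", "/tmp/a`b`.iso",
                              "/mnt/../etc", "relative.iso" };
    const char *argv[6];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s %s\n", samples[i],
               build_mount_argv(samples[i], "/mnt/loop", argv) ? "rejected" : "accepted");
    return 0;
}
```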

Related Identifiers

CVE-2006-3693

Affected Products

Rocks Clusters