PT-2010-4416 · Oracle · Hsolink
Published
2010-08-02
·
Updated
2017-08-17
·
CVE-2010-2929
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
hsolink version 1.0.118
Description
The issue allows local users to gain privileges via a modified PATH environment variable. This is exploited during the execution of certain programs, including route, mv, and cp.
Recommendations
For hsolink version 1.0.118, consider restricting the modification of the PATH environment variable to prevent privilege escalation. As a temporary workaround, restrict access to the route, mv, and cp programs until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hsolink