Lucene search

[email protected]CVE-2006-1656

HistoryApr 06, 2006 - 10:04 a.m.

CVE-2006-1656

2006-04-0610:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

vserver

util-vserver

cve-2006-1656

security

vulnerability

suexec

root access privilege escalation

nvd

7 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root.

CPENameOperatorVersion
vserver:util-vservervserver util-vservereq0.30.209
vserver:util-vservervserver util-vserverle0.30.210

CPE	Name	Operator	Version
vserver:util-vserver	vserver util-vserver	eq	0.30.209
vserver:util-vserver	vserver util-vserver	le	0.30.210

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=360438

www.securityfocus.com/bid/17361

savannah.nongnu.org/bugs/?func=detailitem&item_id=15996

savannah.nongnu.org/patch/?func=detailitem&item_id=4966

7 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2006-1656

debiancve1 prion1 ubuntucve1