Lucene search

[email protected]CVE-2006-2183

HistoryMay 04, 2006 - 12:38 p.m.

CVE-2006-2183

2006-05-0412:38:00

[email protected]

web.nvd.nist.gov

vulnerability

truecrypt

linux

suid root

path environment variable

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.9%

JSON

Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command.

Affected configurations

NVD

Node

truecrypt_foundationtruecryptMatch4.1

CPENameOperatorVersion
truecrypt_foundation:truecrypttruecrypt foundation truecrypteq4.1

CPE	Name	Operator	Version
truecrypt_foundation:truecrypt	truecrypt foundation truecrypt	eq	4.1

References

lists.immunitysec.com/pipermail/dailydave/2006-April/003152.html

secunia.com/advisories/19903

www.osvdb.org/25131

www.truecrypt.org/history.php

www.vupen.com/english/advisories/2006/1591

exchange.xforce.ibmcloud.com/vulnerabilities/26191

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.9%

JSON

Related for CVE-2006-2183

nvd1 cvelist1 prion1