Operator Shell (osh) main.c Environment Variable Substitution Local Privilege Escalation

2005-11-09T09:17:26
ID OSVDB:20720
Type osvdb
Reporter Charles Stevenson (core@bokeoa.com)
Modified 2005-11-09T09:17:26

Description

Vulnerability Description

Operator Shell (osh) contains a flaw that may allow a malicious local user to gain unauthorized privileges. The issue is triggered by an error in the handling of environment variable substitutions in main.c, and is exploited by loading arbitrary shared libraries. This flaw may lead to a loss of integrity.

Solution Description

Upgrade to version 1.15 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338312
Secunia Advisory ID: 17527
Secunia Advisory ID: 17967
Other Advisory URL: http://www.debian.org/security/2005/dsa-918
Generic Exploit URL: http://www.milw0rm.com/id.php?id=1300
CVE-2005-3346