Lucene search

UbuntuUSN-732-1

HistoryMar 10, 2009 - 12:00 a.m.

dash vulnerability

2009-03-1000:00:00

ubuntu.com

6.4 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.4%

JSON

Releases

Ubuntu 8.10
Ubuntu 8.04

Packages

dash -

Details

Wolfgang M. Reimer discovered that dash, when invoked as a login shell, would
source .profile files from the current directory. Local users may be able to
bypass security restrictions and gain root privileges by placing specially
crafted .profile files where they might get sourced by other dash users.

OSVersionArchitecturePackageVersionFilename
Ubuntu8.10noarchdash< 0.5.4-9ubuntu1.1UNKNOWN
Ubuntu8.04noarchdash< 0.5.4-8ubuntu1.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	8.10	noarch	dash	< 0.5.4-9ubuntu1.1	UNKNOWN
Ubuntu	8.04	noarch	dash	< 0.5.4-8ubuntu1.1	UNKNOWN

References

ubuntu.com/security/CVE-2009-0854

6.4 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.4%

JSON

Related for USN-732-1