Privilege Escalation

2020-04-1000:59:15

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.0004 Low

EPSS

Percentile

5.1%

JSON

rgmanager is vulnerable to privilege escalation. The vulnerability exists as it was discovered that certain resource agent scripts set the LD_LIBRARY_PATH environment variable to an insecure value containing empty path elements. A local user able to trick a user running those scripts to run them while working from an attacker-writable directory could use this flaw to escalate their privileges via a specially-crafted dynamic library.

CPENameOperatorVersion
rgmanagereq2.0.31__1.el5
rgmanagereq2.0.46__1.el5
rgmanagereq2.0.52__6.el5
rgmanagereq2.0.52__9.el5
rgmanagereq2.0.38__2.el5
rgmanagereq2.0.46__1.el5_3.4
rgmanagereq1.9.87__1.el4
rgmanagereq2.0.52__1.el5_4.2
rgmanagereq1.9.87__1.el4_8.1
rgmanagereq1.9.87__1.el4_8.6

Name	Operator	Version
rgmanager	eq	2.0.31__1.el5
rgmanager	eq	2.0.46__1.el5
rgmanager	eq	2.0.52__6.el5
rgmanager	eq	2.0.52__9.el5
rgmanager	eq	2.0.38__2.el5
rgmanager	eq	2.0.46__1.el5_3.4
rgmanager	eq	1.9.87__1.el4
rgmanager	eq	2.0.52__1.el5_4.2
rgmanager	eq	1.9.87__1.el4_8.1
rgmanager	eq	1.9.87__1.el4_8.6