CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
0.4%
Some implementations of the Linux restoration utility, restore, call external programs on remote machines via the RSH environment variable. This may permit an attacker to compromise root if restore is setuid root.
Some implementations of the Linux restoration utility, restore, permit use of storage devices on remote machines via an access program on the local machine. This access program is identified in the RSH environment variable. The value in the environment variable is not validated for security prior to its use in calling a program. In some implementations, restore is protected setuid root.
By specifying a shell script of their own devising, malicious local users can exploit the setuid protection on restore to secure root access for themselves to execute arbitrary commands.
Apply vendor patches; see the Systems Affected section below.
Remove the setuid protection from restore.
960877
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: October 31, 2000 Updated: July 23, 2001
Affected
<http://www.linuxsecurity.com/advisories/redhat_advisory-849.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23960877 Feedback>).
Notified: July 16, 2001 Updated: July 23, 2001
Not Affected
Both programs are not installed setuid root or setgid root on a Debian GNU/Linux 2.2 (stable) system nor on Debian unstable (upcoming release).
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23960877 Feedback>).
Notified: July 16, 2001 Updated: July 23, 2001
Not Affected
We are not vulnerable as we do not ship the dump and restore utilities.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23960877 Feedback>).
Notified: July 16, 2001 Updated: July 23, 2001
Not Affected
Our dump & restore have not been setuid or setgid for a very long time. We have also fixed numerous other bugs in them.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23960877 Feedback>).
Notified: July 16, 2001 Updated: July 16, 2001
Not Affected
None of the EFS and XFS dump/restore tools in IRIX are setuid root per an SGI engineer, so we believe IRIX is not vulnerable unless proven otherwise.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23960877 Feedback>).
Notified: July 16, 2001 Updated: August 07, 2001
Unknown
Vendor could not reproduce this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23960877 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
<http://www.securityfocus.com/bid/1914>
This vulnerability was first reported through discussion on Bugtraq .
This document was last modified by Tim Shimeall.
CVE IDs: | CVE-2000-1125 |
---|---|
Severity Metric: | 20.06 Date Public: |