Lucene search

MitreCVE-2006-2183

HistoryMay 04, 2006 - 12:38 p.m.

CVE-2006-2183

2006-05-0412:38:00

mitre

web.nvd.nist.gov

vulnerability

truecrypt

linux

suid root

path environment variable

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

25.6%

JSON

Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command.

Affected configurations

Nvd

Node

truecrypt_foundationtruecryptMatch4.1

VendorProductVersionCPE
truecrypt_foundationtruecrypt4.1cpe:2.3:a:truecrypt_foundation:truecrypt:4.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
truecrypt_foundation	truecrypt	4.1	cpe:2.3:a:truecrypt_foundation:truecrypt:4.1:::::::*

References

lists.immunitysec.com/pipermail/dailydave/2006-April/003152.html

secunia.com/advisories/19903

www.osvdb.org/25131

www.truecrypt.org/history.php

www.vupen.com/english/advisories/2006/1591

exchange.xforce.ibmcloud.com/vulnerabilities/26191

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

25.6%

JSON

Related for CVE-2006-2183