Lucene search
UbuntuUSN-732-1HistoryMar 10, 2009 - 12:00 a.m.
dash vulnerability
2009-03-1000:00:00
ubuntu.com
33
CVSS2
6.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.4
Confidence
Low
EPSS
0
Percentile
5.2%
Releases
- Ubuntu 8.10
- Ubuntu 8.04
Packages
- dash -
Details
Wolfgang M. Reimer discovered that dash, when invoked as a login shell, would
source .profile files from the current directory. Local users may be able to
bypass security restrictions and gain root privileges by placing specially
crafted .profile files where they might get sourced by other dash users.
References
Related
ubuntucve
ubuntucve
CVE-2009-0854
2009-03-11 00:00:00
securityvulns
securityvulns
dash privilege esclation
2009-03-12 00:00:00
[USN-732-1] dash vulnerability
2009-03-12 00:00:00
prion
prion
Design/Logic Flaw
2009-03-11 14:19:00
nvd
nvd
CVE-2009-0854
2009-03-11 14:19:15
cve
cve
CVE-2009-0854
2009-03-11 14:19:15
cvelist
cvelist
CVE-2009-0854
2009-03-11 14:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-732-1)
2009-03-13 00:00:00
Ubuntu USN-732-1 (dash)
2009-03-13 00:00:00
Ubuntu USN-731-1 (apache2)
2009-03-13 00:00:00
nessus
nessus
Ubuntu 8.04 LTS / 8.10 : dash vulnerability (USN-732-1)
2009-04-23 00:00:00
debiancve
debiancve
CVE-2009-0854
2009-03-11 14:19:15
CVSS2
6.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.4
Confidence
Low
EPSS
0
Percentile
5.2%
Related for USN-732-1