OSV:DSA-918-1
Dec 09, 2005 - 12:00 a.m.

osh - programming error

2005-12-09 00:00:00
Google
osv.dev
10

EPSS: 0.0004 (Low), percentile 0.4%

Several security-related problems have been discovered in osh, the
operator’s shell for executing defined programs in a privileged
environment. The Common Vulnerabilities and Exposures project
identifies the following vulnerabilities:

  • CVE-2005-3346
    Charles Stevenson discovered a bug in the substitution of
    variables that allows a local attacker to open a root shell.
  • CVE-2005-3533
    Solar Eclipse discovered a buffer overflow caused by the current
    working directory plus a filename that could be used to execute
    arbitrary code and, for example, open a root shell.

For the old stable distribution (woody) these problems have been fixed in
version 1.7-11woody2.

For the stable distribution (sarge) these problems have been fixed in
version 1.7-13sarge1.

For the unstable distribution (sid) these problems have been fixed in
version 1.7-15; however, the package has been removed entirely.

We recommend that you upgrade your osh package.

CPE   Name   Operator   Version
      osh    eq         1.7-13