| Vulnerability Name: | CVE-2000-1125 (CCN-5483) | ||||||||
| Assigned: | 2000-11-04 | ||||||||
| Published: | 2000-11-04 | ||||||||
| Updated: | 2016-10-18 | ||||||||
| Summary: | restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Sat Nov 04 2000 - 02:34:33 CST Redhat 6.2 restore exploit Source: MITRE Type: CNA CVE-2000-1125 Source: BUGTRAQ Type: UNKNOWN 20001104 Redhat 6.2 restore exploit Source: CCN Type: US-CERT VU#960877 Red Hat linux restore uses insecure environment variables allowing root compromise Source: CCN Type: OSVDB ID: 13758 Red Hat Linux restore RSH Environment Variable Subversion Privilege Escalation Source: BID Type: Exploit, Vendor Advisory 1914 Source: CCN Type: BID-1914 RedHat Linux restore Insecure Environment Variables Vulnerability Source: XF Type: UNKNOWN restore-rsh-executable(5483) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||