Util-VServer SUEXEC Privilege Escalation Weakness
BID:17361
Info
| Bugtraq ID: | 17361 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Apr 03 2006 12:00AM |
| Updated: | Apr 04 2006 06:23PM |
| Credit: | Daniel Hokka Zakrisson reported this issue to the vendor. |
| Vulnerable: | VServer util-vserver 0.30.210; VServer util-vserver 0.30.204; VServer util-vserver 0; Debian Linux 3.1 sparc; Debian Linux 3.1 s/390; Debian Linux 3.1 ppc; Debian Linux 3.1 mipsel; Debian Linux 3.1 mips; Debian Linux 3.1 m68k; Debian Linux 3.1 ia-64; Debian Linux 3.1 ia-32; Debian Linux 3.1 hppa; Debian Linux 3.1 arm; Debian Linux 3.1 amd64; Debian Linux 3.1 alpha; Debian Linux 3.1 |
| Not Vulnerable: | |
Discussion
The util-vserver package for the Linux-VServer project is susceptible to a privilege-escalation weakness.
This issue allows remote attackers that exploit latent vulnerabilities in services to potentially gain superuser privileges in a guest virtual server. This may aid them in further attacks.
Exploit / POC
An exploit is not required to trigger this issue. An exploit may be required to take advantage of latent vulnerabilities in applications running in the virtual server environment.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Please see the referenced third-party vendor advisories for details on obtaining and applying fixes.
VServer util-vserver 0.30.210
- VServer util-vserver-0.30.210-vcontext-uid.patch: https://savannah.nongnu.org/patch/download.php?file_id=9626
References
- Debian Bug report logs - #360438 (Debian)
- util-vserver - Bugs: bug #15996, suexec from root with an invalid... (VServer)
- util-vserver Project Page (VServer)
- VServer Home Page (VServer)