Beagle beagle-status privilege escalation
| beagle-beagle-status-privilege-escalation (25303) |  High Risk |
Description:
Beagle could allow a local attacker to gain elevated privileges caused by improper handling of the beagle-info script by beagle-status. A local attacker could modify the beagle-info script to include arbitrary commands that would be executed with elevated privileges once called by beagle-status.
Platforms Affected:
- Beagle, Beagle 0.2.2.1
Remedy:
Refer to FEDORA-2006-188 for patch, upgrade or suggested workaround information. See References.
Consequences:
Gain Privileges
References:
- Beagle Web site, Main Page - Beagle at http://beaglewiki.org/Main_Page.
- FEDORA-2006-188, Fedora alert FEDORA-2006-188 (beagle) at http://lwn.net/Alerts/176459/.
- BID-17195: Beagle Insecure Path Arbitrary Code Execution Vulnerability
- CVE-2006-1296: Untrusted search path vulnerability in Beagle 0.2.2.1 might allow local users to gain privileges via a malicious beagle-info program in the current working directory, or possibly directories specified in the PATH.
- OSVDB ID: 23942: Beagle beagle-status Path Subversion Arbitrary Command Execution
- SA19278: Beagle "beagle-status" Command Execution Vulnerability
Reported:
Mar 17, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net