|Category:||Red Hat Local Security Checks|
|Title:||RedHat Security Advisory RHSA-2006:0015|
The remote host is missing updates announced in
The initscripts package contains the basic system scripts used to boot your
Red Hat system, change runlevels, and shut the system down cleanly.
Initscripts also contains the scripts that activate and deactivate most
A bug was found in the way initscripts handled various environment
variables when the /sbin/service command is run. It is possible for a local
user with permissions to execute /sbin/service via sudo to execute
arbitrary commands as the 'root' user. The Common Vulnerabilities and
Exposures project assigned the name CVE-2005-3629 to this issue.
The following issues have also been fixed in this update:
* extraneous characters were logged on bootup.
* fsck would be attempted on filesystems marked with _netdev in rc.sysinit
before they were available.
Additionally, support for multi-core Itanium processors has been added to
All users of initscripts should upgrade to these updated packages, which
contain backported patches to resolve these issues.
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
Risk factor : High
BugTraq ID: 17038|
Common Vulnerability Exposure (CVE) ID: CVE-2005-3629
SGI Security Advisory: 20060401-01-U
XForce ISS Database: initscripts-service-gain-privileges(25374)
|Copyright||Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com|
|This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.