Family: Debian Local Security Checks --> Category: infos
[DSA918] DSA-918-1 osh Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Several security-related problems have been discovered in osh, the
operator's shell for executing defined programs in a privileged
environment. The Common Vulnerabilities and Exposures project
identifies the following vulnerabilities:
Charles Stevenson discovered a bug in the substitution of
variables that allows a local attacker to open a root shell.
Solar Eclipse discovered a buffer overflow caused by the current
working directory plus a filename, which could be used to execute
arbitrary code and, for example, open a root shell.
For the old stable distribution (woody) these problems have been fixed in
For the stable distribution (sarge) these problems have been fixed in
For the unstable distribution (sid) these problems have been fixed in
version 1.7-15, however, the package has been removed entirely.
We recommend that you upgrade your osh package.
Solution : http://www.debian.org/security/2005/dsa-918
Threat Level: High