Published: 04/01/2000 Updated: 10/09/2008

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 730

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
turbolinux turbolinux 4.2
turbolinux turbolinux 6.0.2
mandrakesoft mandrake linux 6.0
mandrakesoft mandrake linux 6.1
redhat linux 6.0
redhat linux 6.1
turbolinux turbolinux 3.5b2
turbolinux turbolinux 4.4

source: wwwsecurityfocuscom/bid/913/info Because of double path vulnerabilities in the binary userhelper and PAM, it is possible to get root locally on RedHat 60 and 61 systems Both userhelper and PAM follow "" paths and userhelper allows you to specifiy a program to execute as an argument to the -w parameter (which is expected to h ...

Mandrake 60/61,RedHat 60/61,Turbolinux 35 b2/42/44/602 userhelper/PAM Path Vulnerability (1) source: wwwsecurityfocuscom/bid/913/info Because of double path vulnerabilities in the binary userhelper and PAM, it is possible to get root locally on RedHat 60 and 61 systems Both userhelper and PAM follow "" paths and userhelper ...

NVD-CWE-Other http://www.l0pht.com/advisories/pam_advisory http://www.redhat.com/support/errata/RHSA-2000-001.html http://xforce.iss.net/search.php3?type=2&pattern=linux-pam-userhelper http://www.securityfocus.com/bid/913 https://nvd.nist.gov https://www.exploit-db.com/exploits/19710/

CVE-2000-0052

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect