CVE-2005-3629 — Redhat Enterprise Linux vulnerability

5 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.0%

top 90.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Linux

Timeline

PublishedDec 31

Latest updateMay 3

Description

initscripts in Red Hat Enterprise Linux 4 does not properly handle certain environment variables when /sbin/service is executed, which allows local users with sudo permissions for /sbin/service to gain root privileges via unknown vectors.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages0 packages

Also affects: Enterprise Linux 3.0, 4.0

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-p357-vv6x-p853: initscripts in Red Hat Enterprise Linux 4 does not properly handle certain environment variables when /sbin/service is executed, which allows local us↗2022-05-03

▶

📋Vendor Advisories

Red Hat

security flaw↗2005-03-07

▶

💬Community

Bugzilla

CVE-2005-3629 security flaw↗2018-08-16

▶

Bugzilla

CVE-2005-3629 root shell can be gained from service if ran through sudo↗2005-12-02

▶