RedHat Linux restore Insecure Environment Variables Vulnerability

restore is a program for backup and recovery procedures, distributed with the RedHat Linux Operating System. A vulnerability exists that could allow a user elevated permissions.

The problem occurs in the RSH environment variable. restore is dependent upon this environment variable for execution. It is possible to set this variable PATH to that of an executable, and then execute restore. This will result in the executable in the RSH environment variable being run with an EUID of 0. Exploitation of this vulnerability by a malicious user can result in root compromise.


Privacy Statement
Copyright 2010, SecurityFocus