|
|
| |
|
| |
capp-lspp-config: privilege escalation
| Package(s): | lspp-eal4-config-ibm, capp-lspp-eal4-config-hp |
CVE #(s): | CVE-2008-0884
|
| Created: | April 1, 2008 |
Updated: | April 2, 2008 |
| Description: |
The lspp-eal4-config-ibm and capp-lspp-eal4-config-hp packages contain
utilities and documentation for configuring a machine for the Controlled
Access Protection Profile, or the Labeled Security Protection Profile.
It was discovered that use of the "capp-lspp-config" script results in the
"/etc/pam.d/system-auth" file being set to world-writable. Authorized local
users who have limited privileges could then exploit this to gain
additional access, or to escalate their privileges. |
| Alerts: |
|
( Log in to post comments)
|
|
|