Vulnerability Description
Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.
CVSS Score
7.2
HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mandrakesoft | Mandrake Linux | 6.0 |
| Redhat | Linux | 6.0 |
| Turbolinux | Turbolinux | 3.5b2 |
References
- http://www.l0pht.com/advisories/pam_advisory
- http://www.redhat.com/support/errata/RHSA-2000-001.html
- http://www.securityfocus.com/bid/913
- http://xforce.iss.net/search.php3?type=2&pattern=linux-pam-userhelper
- http://www.l0pht.com/advisories/pam_advisory
- http://www.redhat.com/support/errata/RHSA-2000-001.html
- http://www.securityfocus.com/bid/913
- http://xforce.iss.net/search.php3?type=2&pattern=linux-pam-userhelper
FAQ
What is CVE-2000-0052?
CVE-2000-0052 is a vulnerability with a CVSS score of 7.2 (HIGH). Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.
How severe is CVE-2000-0052?
CVE-2000-0052 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-0052?
Check the references section above for vendor advisories and patch information. Affected products include: Mandrakesoft Mandrake Linux, Redhat Linux, Turbolinux Turbolinux.