Vulnerability Description
vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root.
CVSS Score
7.2
HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vserver | Util-Vserver | <= 0.30.210 |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360438Patch
- http://www.securityfocus.com/bid/17361Patch
- https://savannah.nongnu.org/bugs/?func=detailitem&item_id=15996
- https://savannah.nongnu.org/patch/?func=detailitem&item_id=4966
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=360438Patch
- http://www.securityfocus.com/bid/17361Patch
- https://savannah.nongnu.org/bugs/?func=detailitem&item_id=15996
- https://savannah.nongnu.org/patch/?func=detailitem&item_id=4966
FAQ
What is CVE-2006-1656?
CVE-2006-1656 is a vulnerability with a CVSS score of 7.2 (HIGH). vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as ro...
How severe is CVE-2006-1656?
CVE-2006-1656 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1656?
Check the references section above for vendor advisories and patch information. Affected products include: Vserver Util-Vserver.