Bug 1618011 (CVE-2006-0576) - CVE-2006-0576 security flaw
Summary: CVE-2006-0576 security flaw
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2006-0576
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-08-16 12:06 UTC by Stephen Herr
Modified: 2021-02-16 23:19 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2018-08-16 12:06:53 UTC
Embargoed:

Attachments (Terms of Use)

Description Stephen Herr 2018-08-16 12:06:46 UTC 
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Comment 1 Stephen Herr 2018-08-16 16:37:02 UTC 
MITRE description:

Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs.  NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo.  In such a context, this is a vulnerability.
Comment 2 Stephen Herr 2019-06-13 19:27:33 UTC 
Statement:

Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 3
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207347

The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.  More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/

This issue was fixed for Red Hat Enterprise Linux 4 in the following errata:
http://rhn.redhat.com/errata/RHEA-2006-0355.html

This issue does not affect Red Hat Enterprise Linux 2
Note You need to log in before you can comment on or make changes to this bug.