Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 allows local users to gain privileges via a Trojan horse killall program in a directory in the PATH, related to improper handling of the -k option.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Hf | Hf | 0.7.3 (including) | 0.7.3 (including) |
| Hf | Hf | 0.8 (including) | 0.8 (including) |
| Hf | Ubuntu | dapper | * |
| Hf | Ubuntu | gutsy | * |
| Hf | Ubuntu | hardy | * |
| Hf | Ubuntu | intrepid | * |
| Hf | Ubuntu | upstream | * |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504182
- http://osvdb.org/50231
- http://secunia.com/advisories/32831
- http://secunia.com/advisories/32855
- http://www.debian.org/security/2008/dsa-1668
- http://www.securityfocus.com/bid/32421
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46806
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504182
- http://osvdb.org/50231
- http://secunia.com/advisories/32831
- http://secunia.com/advisories/32855
- http://www.debian.org/security/2008/dsa-1668
- http://www.securityfocus.com/bid/32421
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46806