Vulnerabilities > CVE-2004-1116 - Local Security vulnerability in Linux

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
gentoo
nessus

Summary

The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.

Vulnerable Configurations

Part Description Count
OS
Gentoo
1

Nessus

NASL familyGentoo Local Security Checks
NASL idGENTOO_GLSA-200411-26.NASL
descriptionThe remote host is affected by the vulnerability described in GLSA-200411-26 (GIMPS, SETI@home, ChessBrain: Insecure installation) GIMPS, SETI@home and ChessBrain ebuilds install user-owned binaries and init scripts which are executed with root privileges. Impact : This could lead to a local privilege escalation or root compromise. Workaround : There is no known workaround at this time.
last seen2020-06-01
modified2020-06-02
plugin id15754
published2004-11-18
reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/15754
titleGLSA-200411-26 : GIMPS, SETI@home, ChessBrain: Insecure installation