Vulnerabilities > CVE-2006-1319 - Privilege Escalation vulnerability in Runit 1.3.3.1

CVSS 6.2 - MEDIUM

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

high complexity

runit

NVD

Published: 2006-03-20

Updated: 2017-07-20

Summary

chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little endian i386 machines against dietlibc, does not properly handle when multiple groups are specified in the -u option, which causes chpst to assign permissions for the root group due to inconsistent bit sizes for the gid_t type. This vulnerability may be relevant only to Debian GNU/Linux implementations on little endian i386 machines.

Vulnerable Configurations

Part	Description	Count
Application	Runit Runit Runit 1.3.3.1	1

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356016
http://secunia.com/advisories/19323
http://www.securityfocus.com/bid/17179
https://exchange.xforce.ibmcloud.com/vulnerabilities/25419