Vulnerabilities > CVE-2006-3693 - Local Privilege Escalation vulnerability in Rocks Clusters
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Rocks Clusters 4.1 and earlier allows local users to gain privileges via commands enclosed with escaped backticks (\`) in an argument to the (1) mount-loop (mount-loop.c) or (2) umount-loop (umount-loop.c) command, which is not filtered in a system function call.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description Rocks Clusters <= 4.1 (mount-loop) Local Root Exploit. CVE-2006-3693. Local exploit for linux platform id EDB-ID:2016 last seen 2016-01-31 modified 2006-07-15 published 2006-07-15 reporter Xavier de Leon source https://www.exploit-db.com/download/2016/ title Rocks Clusters <= 4.1 mount-loop Local Root Exploit description Rocks Clusters. CVE-2006-3693. Local exploit for linux platform id EDB-ID:2015 last seen 2016-01-31 modified 2006-07-15 published 2006-07-15 reporter Xavier de Leon source https://www.exploit-db.com/download/2015/ title Rocks Clusters <= 4.1 - umount-loop Local Root Exploit
References
- http://secunia.com/advisories/21065
- http://securityreason.com/securityalert/1242
- http://www.securityfocus.com/archive/1/440126/100/0/threaded
- http://www.securityfocus.com/bid/19003
- http://www.vupen.com/english/advisories/2006/2833
- http://xavier.tigerteam.se/advisories/TSEAD-200606-6.txt
- http://xavier.tigerteam.se/exploits/rocksmountdirty.sh
- http://xavier.tigerteam.se/exploits/rocksumountdirty.py
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27758