Description
GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environment variables and allow local users to bypass some access restrictions.
References (4)
Core References
Vendor Advisory, mailing-list, x_refsource_bugtraq: http://archives.neohapsis.com/archives/bugtraq/2000-07/0389.html
Vendor Advisory, vdb-entry, x_refsource_bid: http://www.securityfocus.com/bid/1516
Mailing List, x_refsource_confirm: http://marc.info/?l=bugtraq&m=96473640717095&w=2
Vendor Advisory, vendor-advisory, x_refsource_debian: http://www.debian.org/security/2000/20000727
Scores
EPSS: 0.0007
EPSS Percentile: 20.9%
Details
Status: published
Products (1): gnu/userv 1.0.0
Published: Oct 20, 2000
Tracked Since: Feb 18, 2026