Debian Security Advisory DSA 2472-1 (gridengine) Network Vulnerability

Summary

The remote host is missing an update to gridengine announced via advisory DSA 2472-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202472-1

Insight

Dave Love discovered that users who are allowed to submit jobs to a Grid Engine installation can escalate their privileges to root because the environment is not properly sanitized before creating processes. For the stable distribution (squeeze), this problem has been fixed in version 6.2u5-1squeeze1. For the unstable distribution (sid), this problem has been fixed in version 6.2u5-6. We recommend that you upgrade your gridengine packages.

Severity

Classification

CVE CVE-2012-0208

CVSS	Base Score: 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 042-1 (gnuserv, xemacs21)
Debian Security Advisory DSA 026-1 (bind)
Debian Security Advisory DSA 029-1 (proftpd)
Debian Security Advisory DSA 065-1 (samba)
Debian Security Advisory DSA 058-1 (exim)

Take action and discover your vulnerabilities