Download
| Alert*
oval:org.secpod.oval:def:115270
Hesiod is a system which uses existing DNS functionality to provide access to databases of information that changes infrequently. It is often used to distribute information kept in the /etc/passwd, /etc/group, and /etc/printcap files, among others. oval:org.secpod.oval:def:1902007 The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the HESIOD_CONFIG or HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary. oval:org.secpod.oval:def:2001398 The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the HESIOD_CONFIG or HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary. |