CVE-2008-2359
First published: Tue May 27 2008(Updated: )
It was discovered that consolehelper configuration files (/etc/security/console.apps/system-config-network*) as shipped in Fedora 8 system-config-network packages allowed any local console user to start system-config-network configuration program with root privileges by providing only user password, not administrator password. This allows any user with local console access to change network configuration of the host. Configuration file did not include USER=root directive and tried to include file config-util, which does not exist on Fedora 8 and is only provided by usermode package in Fedora 9. Without USER= specification, consolehelper prompted user for user password instead of intended root password.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Fedora 8 | =1.5.5 | |
| Redhat Fedora 8 | =1.5.9 | |
| Fedora 8 Consolehelper | =1.5.2 | |
| Redhat Fedora 8 | =1.5.4 | |
| Fedora 8 Consolehelper | =1.4.4 | |
| Redhat Fedora 8 | =1.5.6 | |
| Fedora 8 Consolehelper | =1.5.7 | |
| Fedora 8 Consolehelper | =1.4.5 | |
| Redhat Fedora 8 | =1.5.0 | |
| Redhat Fedora 8 | =1.5.10 | |
| Redhat Fedora 8 | =1.4.5 | |
| Fedora 8 Consolehelper | =1.5.0 | |
| Redhat Fedora 8 | =1.5.3 | |
| Redhat Fedora 8 | =1.4.6 | |
| Redhat Fedora 8 | =1.5. | |
| Fedora 8 Consolehelper | =1.5.1 | |
| Redhat Fedora 8 | =1.5.1 | |
| Redhat Fedora 8 | =1.5.8 | |
| Fedora 8 Consolehelper | =1.5.4 | |
| Fedora 8 Consolehelper | =1.5.5 | |
| Fedora 8 Consolehelper | =1.5.6 | |
| Fedora 8 Consolehelper | =1.5.10 | |
| Redhat Fedora 8 | =1.4.4 | |
| Redhat Fedora 8 | =1.4.7 | |
| Fedora 8 Consolehelper | =1.4.6 | |
| Fedora 8 Consolehelper | =1.5.8 | |
| Fedora 8 Consolehelper | =1.5.9 | |
| Fedora 8 Consolehelper | =1.4.7 | |
| Redhat Fedora 8 | =1.5.2 | |
| Fedora 8 Consolehelper | =1.5.3 | |
| Redhat Fedora 8 | =1.5.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/tags
- agent/description
- agent/severity
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-2359
- vendor/redhat
- canonical/redhat fedora 8
- version/redhat fedora 8/1.5.5
- version/redhat fedora 8/1.5.9
- vendor/fedora 8
- canonical/fedora 8 consolehelper
- version/fedora 8 consolehelper/1.5.2
- version/redhat fedora 8/1.5.4
- version/fedora 8 consolehelper/1.4.4
- version/redhat fedora 8/1.5.6
- version/fedora 8 consolehelper/1.5.7
- version/fedora 8 consolehelper/1.4.5
- version/redhat fedora 8/1.5.0
- version/redhat fedora 8/1.5.10
- version/redhat fedora 8/1.4.5
- version/fedora 8 consolehelper/1.5.0
- version/redhat fedora 8/1.5.3
- version/redhat fedora 8/1.4.6
- version/redhat fedora 8/1.5.
- version/fedora 8 consolehelper/1.5.1
- version/redhat fedora 8/1.5.1
- version/redhat fedora 8/1.5.8
- version/fedora 8 consolehelper/1.5.4
- version/fedora 8 consolehelper/1.5.5
- version/fedora 8 consolehelper/1.5.6
- version/fedora 8 consolehelper/1.5.10
- version/redhat fedora 8/1.4.4
- version/redhat fedora 8/1.4.7
- version/fedora 8 consolehelper/1.4.6
- version/fedora 8 consolehelper/1.5.8
- version/fedora 8 consolehelper/1.5.9
- version/fedora 8 consolehelper/1.4.7
- version/redhat fedora 8/1.5.2
- version/fedora 8 consolehelper/1.5.3
- version/redhat fedora 8/1.5.7