VID | 14052 |
Severity | 40 |
Port | 22 |
Protocol | TCP |
Class | LSC |
Detailed Description |
If the root account's PATH environment variable contains "." (which means the current directory), root may inadvertently execute commands located in the current directory. In other words, if "." is placed before the directories where executable commands are located (/usr/bin, /bin, /sbin, etc.), an unauthorized file could be executed when root runs a specific command. Because the search order of a misconfigured PATH can be abused, neither '.' nor an unauthorized, illegitimately created directory should be placed first in the PATH.
* Affected platforms: UNIX, Linux |
Recommendation |
Remove '.' from the PATH as follows:
1. Open root's configuration file (~/.profile or ~/.bash_profile, and /etc/profile)
   # vi /etc/profile
2. Edit as follows
   (Before) PATH=.:$PATH:$HOME/bin
   (After) PATH=$PATH:$HOME/bin |
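A check for the condition described above, as an added example that is not part of the original entry: it flags "." entries and goes slightly beyond the text by also flagging empty entries (a leading, trailing or doubled ":"), which the shell treats as the current directory, and relative directories. The function name `audit_path` and the sample PATH values are assumptions constructed for illustration.

```shell
#!/bin/sh
# audit_path PATHSTRING   (hypothetical helper, not from the scanner vendor)
# Prints one line per risky entry and returns 1 if any was found, 0 if clean.
audit_path() {
    path_value=$1
    findings=0
    index=0
    # Append a colon so that a trailing empty entry is not lost by the loop.
    rest="${path_value}:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}    # text up to the first colon
        rest=${rest#*:}      # drop that entry and its colon
        index=$((index + 1))
        case $entry in
            '') reason='empty entry (same as current directory)' ;;
            .)  reason='current directory' ;;
            /*) continue ;;  # absolute directory: not flagged by this check
            *)  reason='relative directory' ;;
        esac
        printf 'entry %d: "%s": %s\n' "$index" "$entry" "$reason"
        findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample values modelled on the Before/After lines above,
# with $PATH and $HOME/bin written out as literal directories.
BEFORE='.:/usr/sbin:/usr/bin:/root/bin'
AFTER='/usr/sbin:/usr/bin:/root/bin'

audit_path "$BEFORE" || echo "BEFORE: PATH needs fixing"
audit_path "$AFTER"  && echo "AFTER: PATH is clean"
```

Run as root, `audit_path "$PATH"` checks the live environment after the profile files have been sourced.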