May 30, 2001

EnGarde: 'WebTool' environment vulnerability

There is a bug in the Guardian Digital WebTool, which shipped with
EnGarde Secure Linux version 1.0.1.

When the WebTool restarts a service, the restarted service inherits
certain environment variables that it should not, such as the token
used to authenticate the administrator to the WebTool daemon. Anybody
who can view the environment variables of a process can thus get this
token, and potentially root access.
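The following added example (not Guardian Digital's code, and not taken from the advisory) shows the inheritance problem described above and one general mitigation: building the child's environment from an allow-list before a service is started. The variable name WEBTOOL_AUTH_TOKEN, the token value and the allow-list contents are assumptions made for illustration; the advisory does not name the real variable.

```python
import os
import subprocess
import sys

# Hypothetical variable name; the advisory does not name the real one.
SECRET_VAR = "WEBTOOL_AUTH_TOKEN"

# Allow-list (assumed): only these variables are handed to a restarted service.
SAFE_ENV_KEYS = ("PATH", "LANG", "TZ")
DEFAULT_PATH = "/usr/sbin:/usr/bin:/sbin:/bin"


def clean_env(parent_env):
    """Build a child environment from an allow-list rather than a deny-list,
    so a secret added to the parent later is not inherited by accident."""
    env = {k: parent_env[k] for k in SAFE_ENV_KEYS if k in parent_env}
    env.setdefault("PATH", DEFAULT_PATH)
    return env


def child_env_keys(env):
    """Start a stand-in 'service' and return the variable names it received."""
    code = "import os; print('\\n'.join(sorted(os.environ)))"
    out = subprocess.run([sys.executable, "-c", code], env=env,
                         capture_output=True, text=True, check=True).stdout
    return set(out.split())


def demo():
    # Constructed environment of an admin daemon holding a session token.
    parent = dict(os.environ)
    parent[SECRET_VAR] = "constructed-token-value"
    inherited = child_env_keys(parent)             # passed through unchanged
    scrubbed = child_env_keys(clean_env(parent))   # allow-listed
    return SECRET_VAR in inherited, SECRET_VAR in scrubbed


if __name__ == "__main__":
    leaked, still_present = demo()
    print("token visible in child without scrubbing:", leaked)
    print("token visible in child with allow-list:  ", still_present)
```

A long-running service keeps the environment it was started with for its whole lifetime, which is why the scrubbing has to happen before the restart rather than after.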


