Adding a malformed Access Route to a User Class allows members to execute any program
Adding an Access Route to a User Class with any of the following formats:
gives any user in that Class rights to run any program as root, when it should in fact give no suexec access at all.
Resolution / Workaround
Install hotfix HFBM-0027, available for download from the HelpSystems Community Portal.
With this hotfix applied, these malformed Access Routes no longer give access.
Alternatively, you can resolve this issue by upgrading to BoKS Manager / BoKS Server Agent for Unix / Linux 6.7.
Note that this issue also affects: