MagniComp's SysInfo root setuid() Local Privilege Escalation Vulnerability

  • Published: 23 Sep 2016

Type

  • Local Privilege Escalation

Severity

  • High

Affected products

  • MagniComp’s SysInfo

CVE Reference

  • N/A

Timeline

  • 2016-06-23: Vulnerability Discovered
  • 2016-07-20: Reported to MagniComp’s Security Team
  • 2016-07-21: Fixes Confirmed
  • 2016-08-23: Public Patch Released
  • 2016-09-23: Advisory Released

Download the advisory here

Description

MagniComp’s SysInfo enables system administrators to find and view highly detailed system, software, and hardware information on a variety of platforms.

A local privilege escalation vulnerability in MagniComp’s SysInfo for Linux could allow a local attacker to gain elevated privileges.

Impact

This vulnerability allows local users to gain root privileges and hence full control over the affected system.

Cause

The application relies on information passed to it from the shell to determine where it is installed and where to find its configuration file. Additionally, the application relies on arbitrary arguments to decide which applications to execute.
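
The following is an added hardening example, not MagniComp's code or its actual fix: it shows how a setuid-root program on Linux can avoid the two trust problems described above by resolving its install directory from `/proc/self/exe`, accepting a configuration file only when it is root-owned and not writable by others, and mapping caller-supplied helper names onto a fixed allowlist. The function names and the helper paths are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed allowlist: the only helpers this privileged binary may execute. */
static const char *const HELPERS[] = { "/usr/bin/lsblk", "/usr/bin/lspci", NULL };

/* Map a caller-supplied name to an allowlisted absolute path, or NULL. */
const char *resolve_helper(const char *name) {
    if (name == NULL || strchr(name, '/') != NULL) return NULL;
    for (size_t i = 0; HELPERS[i] != NULL; i++)
        if (strcmp(strrchr(HELPERS[i], '/') + 1, name) == 0) return HELPERS[i];
    return NULL;
}

/* Install directory from /proc/self/exe (Linux), never argv[0] or the environment. */
int install_dir(char *out, size_t n) {
    if (n < 2) return -1;
    ssize_t len = readlink("/proc/self/exe", out, n - 1);
    if (len <= 0 || (size_t)len >= n - 1) return -1;   /* error or truncated */
    out[len] = '\0';
    char *slash = strrchr(out, '/');
    if (slash == NULL) return -1;
    *(slash == out ? slash + 1 : slash) = '\0';         /* keep "/" for the root dir */
    return 0;
}

/* Trusted only if a root-owned regular file, not group/world writable, not a symlink. */
int config_is_trusted(const char *path) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return 0;
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_uid == 0 &&
             (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
    close(fd);
    return ok;
}

int main(int argc, char **argv) {
    char dir[4096];
    clearenv();            /* drop the caller's environment before any lookup or exec */
    if (install_dir(dir, sizeof dir) != 0) return 1;
    const char *h = resolve_helper(argc > 1 ? argv[1] : NULL);
    printf("install dir: %s\nhelper: %s\n", dir, h ? h : "(rejected)");
    return 0;
}
```

A real program would read the configuration through the same descriptor it checked rather than reopening the path, so the file cannot be swapped between the check and the read.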

Solution

Update to the latest version.

Technical Details

Refer to the detailed advisory linked above.