Multiple Vulnerabilities in MagniComp's SysInfo root setuid()

  • Published: 23 Sep 2016

Type

  • Local Privilege Escalation

Severity

  • High

Affected products

  • MagniComp’s SysInfo

CVE Reference

  • N/A

Timeline

  • 2016-07-25: Reported to MagniComp’s Security Team
  • 2016-07-27: Fixes Confirmed
  • 2016-08-23: Public Patch Released
  • 2016-09-23: Advisory Released

Download the advisory here

Description

MagniComp’s SysInfo enables system administrators to find and view highly detailed system, software, and hardware information on a variety of platforms.

Multiple vulnerabilities have been discovered in MagniComp’s SysInfo that allow local users to read and write arbitrary files and to execute arbitrary commands with root-level privileges.

Impact

Multiple vulnerabilities could allow an attacker to escalate their privileges to root and hence gain full control over the system.

Cause

The vulnerabilities are due to insufficient input validation, improper permission checks and an insecure search path.

Solution

Update to the latest version.

Technical Details

Refer to the detailed advisory attached above.