From: Secunia Security Advisories (sec-advsecunia.com)
Date: Tue Nov 11 2003 - 04:53:31 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
wmapm Privilege Escalation Vulnerability

SECUNIA ADVISORY ID:
SA10188

VERIFY ADVISORY:
http://www.secunia.com/advisories/10188/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
wmapm 3.x

DESCRIPTION:
A vulnerability has been identified in wmapm, which potentially can
be exploited by malicious, local users to escalate their privileges
on a vulnerable system.

The vulnerability is caused due to insecure use of a "system()" call
to the file "apm" without providing an absolute path. This can be
exploited to execute an arbitrary program named "apm" in an arbitrary
location by manipulating the "PATH" environment variable.

Successful exploitation may allow arbitrary code execution with
escalated privileges on systems where the program is installed setuid
or setgid.

The vulnerability has been confirmed in version 3.1. Other versions
may also be affected.

SOLUTION:
Remove the suid or sgid bit.

REPORTED BY / CREDITS:
Knud Erik Højgaard

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://www.secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]