iDEFENSE Security Advisory - Local exploitation of a design error in Adobe Systems, Inc. Version Cue allows local attackers to gain root privileges. Version Cue includes a setuid root application named VCNative which is vulnerable to a symlink attack. The vulnerability specifically exists due to the use of predictable log file names. VCNative uses a format such as VCNative-[pid].log for the filename and stores the file in the current working directory. Attackers can easily predict the created filename and supply user-controlled data via the -host and - port options. A carefully supplied value can cause a crafted log file to be written. Crafted strings written to root-owned files can lead to arbitrary code execution with root privileges.
411dc375de7e880373b5415079f07e6ba80c1cdda2a6b6a1c38e1aa35c6407ac
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed