MBSE-BBS MBSE_Root Multiple Local Privilege Escalation Vulnerabilites
BID:22112
Info
MBSE-BBS MBSE_Root Multiple Local Privilege Escalation Vulnerabilites
| Bugtraq ID: | 22112 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 18 2007 12:00AM |
| Updated: | Jan 18 2007 11:00PM |
| Credit: | prdelka reported these issues. |
| Vulnerable: |
Michiel Broek mbse-bbs 0.70 Michiel Broek mbse-bbs 0.60 Michiel Broek mbse-bbs 0.38 Michiel Broek mbse-bbs 0.36 Michiel Broek mbse-bbs 0.35.7 Michiel Broek mbse-bbs 0.33.20 Michiel Broek mbse-bbs 0.33.19 Michiel Broek mbse-bbs 0.33.18 Michiel Broek mbse-bbs 0.33.17 |
| Not Vulnerable: | |
Discussion
MBSE-BBS MBSE_Root Multiple Local Privilege Escalation Vulnerabilites
The 'mbse-bbs' application is prone to a local privilege-escalation vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit these issues to execute arbitrary code with superuser privileges, completely compromising affected computers. Failed exploit attempts will result in a denial of service.
These issues affect 'mbse-bbs' 0.70.0 and prior versions.
The 'mbse-bbs' application is prone to a local privilege-escalation vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit these issues to execute arbitrary code with superuser privileges, completely compromising affected computers. Failed exploit attempts will result in a denial of service.
These issues affect 'mbse-bbs' 0.70.0 and prior versions.
Exploit / POC
MBSE-BBS MBSE_Root Multiple Local Privilege Escalation Vulnerabilites
The following exploit code is available:
The following exploit code is available:
Solution / Fix
References
MBSE-BBS MBSE_Root Multiple Local Privilege Escalation Vulnerabilites
References:
References:
- mbse-bbs Homepage (Michiel Broek )