BID:2497

FCheck Local Command Execution Vulnerability

Info

FCheck Local Command Execution Vulnerability

Bugtraq ID:	2497
Class:	Input Validation Error
CVE:
Remote:	No
Local:	Yes
Published:	Mar 20 2001 12:00AM
Updated:	Mar 20 2001 12:00AM
Credit:	Reported to bugtraq by Bob Niederman <[email protected]> on Tue, 20 Mar 2001.
Vulnerable:	Michael A. Gumienny FCheck 2.7.58 Michael A. Gumienny FCheck 2.7.51 Michael A. Gumienny FCheck 2.7.50 Michael A. Gumienny FCheck 2.7.49 Michael A. Gumienny FCheck 2.7.47 Michael A. Gumienny FCheck 2.7.46 Michael A. Gumienny FCheck 2.7.45 Michael A. Gumienny FCheck 2.7.40 Michael A. Gumienny FCheck 2.7.38 Michael A. Gumienny FCheck 2.7.34 Michael A. Gumienny FCheck 2.6.27

Not Vulnerable:	Michael A. Gumienny FCheck 2.7.59

Discussion

FCheck Local Command Execution Vulnerability

Fcheck is a perl-based file integrity checker which makes use of external programs (such as MD5) to run specific tests on the structure and contents of datafiles.

Vulnerable versions of FCheck make use of an insecurely-structured call to open() which fails to properly filter user-supplied input for shell metacharacters and shell commands.

A file whose name contains these characters may be placed in a location which is monitored by FCheck. If an attacker creates a file with malicious commands embedded within its name.

When passed to the shell for execution, these commands will be executed with the privilege level of the fcheck uid.

Exploit / POC

FCheck Local Command Execution Vulnerability

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

FCheck Local Command Execution Vulnerability

Solution:
The vendor notes:

"FCheck v2.07.58 and earlier [are] no longer supported."
http://www.geocities.com/fcheck2000/download.html

Michael A. Gumienny FCheck 2.6.27