TorrentTrader Insecure File Permission Multiple Local Privilege Escalation Vulnerability
BID:25536
Info
TorrentTrader Insecure File Permission Multiple Local Privilege Escalation Vulnerability
| Bugtraq ID: | 25536 |
| Class: | Design Error |
| CVE: |
CVE-2007-4536 |
| Remote: | No |
| Local: | Yes |
| Published: | Sep 04 2007 12:00AM |
| Updated: | Sep 05 2007 10:01PM |
| Credit: | The vendor disclosed these issues. |
| Vulnerable: |
TorrentTrader TorrentTrader 1.0 |
| Not Vulnerable: | |
Discussion
TorrentTrader Insecure File Permission Multiple Local Privilege Escalation Vulnerability
TorrentTrader is prone to multiple local privilege-escalation vulnerabilities because the application fails to set proper file permissions on certain text files.
A local attacker can exploit these issues to execute arbitrary PHP code with the privileges of the webserver process.
TorrentTrader is prone to multiple local privilege-escalation vulnerabilities because the application fails to set proper file permissions on certain text files.
A local attacker can exploit these issues to execute arbitrary PHP code with the privileges of the webserver process.
Exploit / POC
TorrentTrader Insecure File Permission Multiple Local Privilege Escalation Vulnerability
An attacker can exploit these issues by gaining local interactive access to the affected computer.
An attacker can exploit these issues by gaining local interactive access to the affected computer.
Solution / Fix
TorrentTrader Insecure File Permission Multiple Local Privilege Escalation Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
TorrentTrader Insecure File Permission Multiple Local Privilege Escalation Vulnerability
References:
References:
- TorrentTrader Homepage (TorrentTrader)
- TorrentTrader v1.x Security announcement (TorrenTrader)