eEye Retina Audit Script Local Privilege Escalation Vulnerability
BID:50585
Info
eEye Retina Audit Script Local Privilege Escalation Vulnerability
| Bugtraq ID: | 50585 |
| Class: | Design Error |
| CVE: |
CVE-2011-3337 |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 08 2011 12:00AM |
| Updated: | Mar 19 2015 09:35AM |
| Credit: | Michael Rutkowski |
| Vulnerable: |
eEye Digital Security Retina 0 |
| Not Vulnerable: | |
Discussion
eEye Retina Audit Script Local Privilege Escalation Vulnerability
eEye Retina is prone to a local privilege-escalation vulnerability.
To exploit this issue, an attacker needs write permissions to place an executable file under the '/usr/local' file system.
An attacker with less privileges can exploit this issue to execute arbitrary code with privileges of the application.
eEye Retina is prone to a local privilege-escalation vulnerability.
To exploit this issue, an attacker needs write permissions to place an executable file under the '/usr/local' file system.
An attacker with less privileges can exploit this issue to execute arbitrary code with privileges of the application.
Exploit / POC
eEye Retina Audit Script Local Privilege Escalation Vulnerability
An attacker needs local interactive access to exploit this issue.
An attacker needs local interactive access to exploit this issue.
Solution / Fix
eEye Retina Audit Script Local Privilege Escalation Vulnerability
Solution:
Updates are available. Please see the references for details.
Solution:
Updates are available. Please see the references for details.
References
eEye Retina Audit Script Local Privilege Escalation Vulnerability
References:
References:
- eEye Digital Security Team Home Page (eEye)
- eEye Retina audit script could execute untrusted programs as root (US-CERT)
- eEye Retina Product Page (eEye Digital Security Team)