Archlinux Shaman Configuration File Local Privilege Escalation Vulnerability
BID:50668
Info
Archlinux Shaman Configuration File Local Privilege Escalation Vulnerability
| Bugtraq ID: | 50668 |
| Class: | Design Error |
| CVE: |
CVE-2011-4338 |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 14 2011 12:00AM |
| Updated: | Nov 22 2011 10:57AM |
| Credit: | naguz |
| Vulnerable: |
Archlinux Shaman 0 |
| Not Vulnerable: | |
Discussion
Archlinux Shaman Configuration File Local Privilege Escalation Vulnerability
Archlinux Shaman is prone to a local privilege-escalation vulnerability.
Local attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting these issues will result in the complete compromise of affected computers.
Archlinux Shaman is prone to a local privilege-escalation vulnerability.
Local attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting these issues will result in the complete compromise of affected computers.
Exploit / POC
Archlinux Shaman Configuration File Local Privilege Escalation Vulnerability
An attacker can use a readily available text editor utility.
An attacker can use a readily available text editor utility.
Solution / Fix
Archlinux Shaman Configuration File Local Privilege Escalation Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Archlinux Shaman Configuration File Local Privilege Escalation Vulnerability
References:
References:
- Vendor Homepage (Archlinux)
- Shaman doesn't ask for root password. But gets root privileges!! (Shaman)