MagniComp's SysInfo root setuid() Local Privilege Escalation Vulnerability

  • Type: Local Privilege Escalation
  • Severity: High
  • Affected products: MagniComp's SysInfo
  • CVE Reference: N/A

Timeline

  • 2016-06-23: Vulnerability Discovered
  • 2016-07-20: Reported to MagniComp’s Security Team
  • 2016-07-21: Fixes Confirmed
  • 2016-08-23: Public Patch Released
  • 2016-09-23: Advisory Released

Description

MagniComp's SysInfo enables system administrators to find and view highly detailed system, software, and hardware information on a variety of platforms.

A local privilege escalation vulnerability in MagniComp's SysInfo for Linux could allow a local attacker to gain elevated privileges.

Impact

This vulnerability allows local users to gain root privileges and hence full control over the affected system.

Cause

The application relies on information passed to it from the shell to see where it is installed and where to find the configuration file. Additionally, the application relies on arbitrary arguments to decide which applications to execute.
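
The defensive pattern for the two weaknesses above, as an added example that is not MagniComp's code: a setuid-root program derives its install directory from the kernel rather than from caller-supplied values, accepts a configuration file only if it is root-owned and not writable by others, and maps requested helper names onto a fixed allowlist. "Information passed from the shell" is assumed here to mean values such as argv[0] or environment variables; the helper paths, the file name example.cfg and all function names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed allowlist: helpers are named by fixed absolute path only. */
static const char *const HELPERS[] = { "/usr/sbin/dmidecode", "/sbin/ifconfig", NULL };

/* Map a requested helper name to its allowlisted path; refuse anything else. */
const char *resolve_helper(const char *requested) {
    if (requested == NULL) return NULL;
    for (size_t i = 0; HELPERS[i] != NULL; i++)
        if (strcmp(requested, strrchr(HELPERS[i], '/') + 1) == 0) return HELPERS[i];
    return NULL;
}

/* Install directory from the kernel's /proc/self/exe link, never argv[0] or env. */
int install_dir(char *out, size_t len) {
    char exe[PATH_MAX];
    ssize_t n = readlink("/proc/self/exe", exe, sizeof exe - 1);
    if (n <= 0) return -1;
    exe[n] = '\0';
    return (size_t)snprintf(out, len, "%s", dirname(exe)) < len ? 0 : -1;
}

/* Open the config without following a final symlink, then check the opened
   file itself: regular, owned by root, not group- or world-writable. */
int open_trusted_config(const char *path) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_uid == 0 &&
        (st.st_mode & (S_IWGRP | S_IWOTH)) == 0) return fd;
    close(fd);
    return -1;
}

int main(void) {
    char dir[PATH_MAX], cfg[PATH_MAX + 16];
    if (install_dir(dir, sizeof dir) != 0) return 1;
    snprintf(cfg, sizeof cfg, "%s/example.cfg", dir);
    int fd = open_trusted_config(cfg);
    printf("%s: %s\n", cfg, fd >= 0 ? "accepted" : "refused");
    return fd >= 0 ? close(fd) : 0;
}
```

Checking the descriptor with fstat() after open() avoids the race that a separate stat()-then-open() sequence would leave, though every directory above the file must also be writable only by root for the check to hold.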

Solution

Update to the latest version.

Technical Details

Refer to the detailed advisory attached above.