Multiple Vulnerabilities in MagniComp's SysInfo root setuid()
Description
MagniComp's SysInfo enables system administrators to find and view highly detailed system, software, and hardware information on a variety of platforms.
Multiple vulnerabilities have been discovered in MagniComp's SysInfo which allow local users to read, write arbitrary files and execute arbitrary commands with root-level privileges.
Impact
Multiple vulnerabilities could allow an attacker to escalate their privileges to root and hence gain full control over the system.
Cause
The vulnerabilities are due to insufficient input validation, improper permission checks and insecure search path.
Solution
Update to the latest version.
Technical Details
Refer to attached detailed advisory above.