Multiple Vulnerabilities in MagniComp's SysInfo root setuid()

  • Type: Local Privilege Escalation
  • Severity: High
  • Affected products: MagniComp's SysInfo
  • CVE Reference: N/A

Timeline

  • 2016-07-25: Reported to MagniComp’s Security Team
  • 2016-07-27: Fixes Confirmed
  • 2016-08-23: Public Patch Released
  • 2016-09-23: Advisory Released

Description

MagniComp's SysInfo enables system administrators to find and view highly detailed system, software, and hardware information on a variety of platforms.

Multiple vulnerabilities have been discovered in MagniComp's SysInfo that allow local users to read and write arbitrary files and to execute arbitrary commands with root-level privileges.

Impact

These vulnerabilities could allow an attacker to escalate their privileges to root and hence gain full control over the system.

Cause

The vulnerabilities are due to insufficient input validation, improper permission checks, and an insecure search path.

Solution

Update to the latest version.

Technical Details

Refer to the detailed advisory attached above.