CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
EPSS
Percentile: 0.4%
LabTech startup scripts and directories on Linux platforms are world-writeable and the scripts execute with root privileges.
CWE-284: Improper Access Control
A local, authenticated attacker may be able to gain root access to the system.
Apply an Update
This issue has been fixed in LabTech versions 100.237 and above, which are currently in beta at the time of this writing. Customers who wish to acquire this version must sign up for LabTech's Beta program. Customers who are not able to upgrade or acquire version 100.237 of the software should consider the following workaround:
Remove world-writable access
Users who are unable to upgrade can manually remove world-writable permissions from the LabTech directories and startup scripts to mitigate this vulnerability.
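
The workaround above as an added example (not CERT/CC's or the vendor's own script): a POSIX shell script that audits a directory tree for world-writable files and directories, clears only the other-write bit, and re-checks the result. The advisory does not name the install paths, so `/path/to/labtech` is a placeholder and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit, then remove, world-writable permissions under an
# agent install tree. The advisory does not list the LabTech paths, so the
# directory is supplied by the operator (placeholder: /path/to/labtech).

# Print every regular file and directory at or below $1 that has the
# "other write" bit set. Symlinks are not matched: their own mode is
# meaningless and chmod would follow them to a target outside the tree.
list_world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 -print
}

# Count the findings; 0 means the tree is clean.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Clear only the other-write bit, leaving owner/group bits and ownership
# untouched, then re-audit so the caller gets a verified result.
fix_world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
    [ "$(count_world_writable "$1")" -eq 0 ]
}

# run audit|fix DIR
# "audit" returns 1 when anything is world-writable, so it can gate a
# cron job or a configuration-management check.
run() {
    mode=$1 dir=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    case $mode in
        audit)
            list_world_writable "$dir"
            [ "$(count_world_writable "$dir")" -eq 0 ] ;;
        fix)
            list_world_writable "$dir" | sed 's/^/fixing: /'
            fix_world_writable "$dir" ;;
        *)  echo "usage: $0 audit|fix DIR" >&2; return 2 ;;
    esac
}

# Only act when called with arguments, e.g.: sh audit.sh audit /path/to/labtech
if [ "$#" -gt 0 ]; then run "$@"; fi
```

Run `audit` first and review the list before running `fix` as root; a directory that stays world-writable lets a local user replace a script inside it even when the script's own mode is correct.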
637068
Updated: January 20, 2015
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 6.8 | AV:L/AC:L/Au:S/C:C/I:C/A:C |
Temporal | 5.8 | E:POC/RL:U/RC:UR |
Environmental | 5.8 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
<http://www.labtechsoftware.com/>
Thanks to Iwan Boskamp for reporting this vulnerability.
This document was written by Todd Lewellen.
CVE IDs: | CVE-2015-0926 |
---|---|
Date Public: | 2015-01-23 |
Date First Published: | |