Dominion SX /bin/busybox Permission Weakness Privilege Escalation

2005-06-29T11:20:43
ID OSVDB:17621
Type osvdb
Reporter Dirk Wetter()
Modified 2005-06-29T11:20:43

Description

Vulnerability Description

Dominion SX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to the /bin/busybox file having default permissions of world-writable, which may allow an attacker replace the file causing arbitrary code execution with another user's privileges.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Raritan has released a patch to address this vulnerability.

Short Description

Dominion SX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to the /bin/busybox file having default permissions of world-writable, which may allow an attacker replace the file causing arbitrary code execution with another user's privileges.

References:

Vendor URL: http://www.raritan.com/products/ Vendor Specific Solution URL: http://www.raritan.com/support/sup_upgrades.aspx Secunia Advisory ID:15853 Related OSVDB ID: 17620 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0248.html CVE-2005-2136 Bugtraq ID: 14084