WebSTAR Symlink Privilege Escalation

2004-07-13T16:41:29
ID OSVDB:7797
Type osvdb
Reporter Dave G. (daveg@atstake.com)
Modified 2004-07-13T16:41:29

Description

Vulnerability Description

WebSTAR contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is due to WebSTAR overwriting other files via a symlink. By overwriting files related to the cron subsystem, a local attacker can obtain administrative privileges, resulting in a loss of integrity.

Solution Description

Upgrade to version 5.3.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.4d.com/
Vendor Specific Advisory URL
Secunia Advisory ID: 12063
Related OSVDB ID: 7794
Related OSVDB ID: 7795
Related OSVDB ID: 7796
Other Advisory URL: http://www.atstake.com/research/advisories/2004/a071304-1.txt
Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0005.html
ISS X-Force ID: 16689
CVE-2004-0698