30 matches found
CVE-2001-0370
fcheck prior to 2.57.59 calls the file signature checking program insecurely, which can allow a local user to run arbitrary commands via a file name that contains shell metacharacters...
CVE-2001-0370
CVE-2001-0370 affects the fcheck tool prior to version 2.57.59. The vulnerability arises because it calls the file signature checking program insecurely, allowing a local user to execute arbitrary commands by providing a file name containing shell metacharacters. This is a local-elevation style i...
Дырка в fcheck (input validation)
При вызове внешней программы с именем файла не проверяется наличией shell-символов в имени файла...
fcheck prior to 2.07.59 - vulnerability - improper use of perl 'magic open'
VULNERABLE: Probably all versions prior to 2.07.59 - the author of fcheck can't be bothered to note security fixes in his change log, but most likely all prior versions had this vulnerability. Vulnerability: by placing a carefully crafted filename in a directory checked by vulnerable versions of...
CVE-2000-0296
The CVE-2000-0296 entry documents a local privilege-escalation flaw in fcheck, where embedding shell metacharacters in file names processed by fcheck can allow a local user to gain higher privileges. The description and connected records confirm the affected component is fcheck, with the underlyi...
CVE-2000-0296
fcheck allows local users to gain privileges by embedding shell metacharacters into file names that are processed by fcheck...
fcheck.txt
The short explanation: fcheck is a file integrity checker written in perl. It can send warnings to syslog via an external program such as logger1. Because it calls system with a scalar argument, a malicious user can cause it to execute programs by creating files with shell metacharacters in their...
Дырка fcheck v.2.7.45
Вызов system из скрипта perl без проверки аргумента позволяет пользователю получить привелегии программы сконструировав специальное имя файла...
fcheck v.2.7.45 and insecure use of Perl's system()
The short explanation: fcheck is a file integrity checker written in perl. It can send warnings to syslog via an external program such as logger1. Because it calls system with a scalar argument, a malicious user can cause it to execute programs by creating files with shell metacharacters in their...
CVE-2000-0296
fcheck allows local users to gain privileges by embedding shell metacharacters into file names that are processed by fcheck...