Compaq/Hewlett Packard Glance 11.00 Privilege Escalation Vulnerability

Author: Tim Brown
Risk: Security Risk High
0day-ID: 0day-ID-22901
Category: local exploits
Date added: 20-11-2014
CVE: CVE-2014-2630
Platform: linux
Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in Compaq/Hewlett Packard Glance for Linux
CVE: CVE-2014-2630
Vendor: Compaq/Hewlett Packard
Product: Glance for Linux
Affected version: 11.00 and subsequent
Fixed version: HPSBMU03086 rev.3
Reported by: Tim Brown

Details:

It has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) in Compaq/HP's Glance for Linux have been compiled in a manner that means they search for libraries in insecure locations.

SUIDFILE='/opt/perf/bin/xglance-bin' SUIDFILELS='-r-sr-xr-x 1 root bin 1301384 Dec 7 2012 /opt/perf/bin/xglance-bin' RPATH='-L/lib64' RPATHRELATIVE=yes RPATHLS=N/A RAPTHEXISTS=N/A ISBAD=yes
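
An audit for the condition reported above, as an added example that is not part of the original advisory or the tool that produced its output: it reads the RPATH/RUNPATH of SetUID/SetGID files and flags any entry that is not an absolute path, does not exist, or is group- or world-writable. The function names are hypothetical and readelf from binutils is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the advisory): audit SetUID/SetGID ELF files for
# unsafe RPATH/RUNPATH entries. Function names are hypothetical.

# Print the RPATH or RUNPATH string of an ELF file (empty if it has none).
# Assumes readelf from binutils is installed.
rpath_of() {
    readelf -d "$1" 2>/dev/null | sed -n \
        -e 's/.*(RPATH).*\[\(.*\)\]$/\1/p' \
        -e 's/.*(RUNPATH).*\[\(.*\)\]$/\1/p' | head -n 1
}

# Classify one search-path entry: relative, missing, writable or ok.
classify_entry() {
    case "$1" in
        /*) ;;                          # absolute: keep checking
        *)  echo relative; return ;;    # not absolute: '', 'lib', '-L/lib64'
    esac
    [ -d "$1" ] || { echo missing; return; }
    case "$(ls -ldL "$1")" in
        d????w*|d???????w*) echo writable; return ;;  # group- or world-writable
    esac
    echo ok
}

# Echo yes if any entry of a colon-separated RPATH string is not "ok".
rpath_is_bad() {
    [ -n "$1" ] || { echo no; return; }   # binary has no RPATH at all
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}; rest=${rest#*:}
        [ "$(classify_entry "$entry")" = ok ] || { echo yes; return; }
    done
    echo no
}

# Report every SetUID/SetGID regular file below a directory.
audit_dir() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        rp=$(rpath_of "$f")
        printf "SUIDFILE='%s' RPATH='%s' ISBAD=%s\n" "$f" "$rp" "$(rpath_is_bad "$rp")"
    done
}

# Usage: sh audit.sh /opt/perf/bin
if [ $# -gt 0 ]; then audit_dir "$1"; fi
```

A "missing" result is flagged conservatively for review, since whether it matters depends on who can create the directory.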
