Title: KisMAC viha_prep.sh Arbitrary Program Execution
Aug 22, 2003
Aug 25, 2003
KisMAC contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker changes the value of the $DRIVER_KEXT variable in the 'viha_prep.sh' script allowing an arbitrary binary to be executed as root. This flaw may lead to a loss of integrity.
Local Access Required
Loss of Integrity
Upgrade to version 0.05d4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.