Info

Disclosure

Aug 22, 2003

Discovery

Unknown

Dates

Exploit

Aug 25, 2003

Solution

Unknown

Description

KisMAC contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker changes the value of the $DRIVER_KEXT variable in the 'viha_prep.sh' script allowing an arbitrary binary to be executed as root. This flaw may lead to a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public

Solution

Upgrade to version 0.05d4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Binaervarianz.de Project

KisMAC

0.05d

References

Related OSVDB ID: 11846 11847 11848 11849 11850 11851 11852 11853 11855 2468
ISS X-Force ID: 13010
CVE ID: 2003-0704 (see also: NVD)
Bugtraq ID: 8497
Secunia Advisory ID: 9600
Other Advisory URL: http://www.atstake.com/research/advisories/2003/a082203-1.txt
Vendor URL: http://www.binaervarianz.de/projekte/programmieren/kismac/

Credit

Dave G. - davegatstake.com - @stake, Inc.

Direct URL: http://osvdb.org/11854