OSVDB ID: 4235

Title: KDbg .kdbgrc Permission Check Failure Arbitrary Command Execution

Dates

Disclosure: Sep 09, 2003
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

KDbg contains a flaw that may allow a local user to execute arbitrary privileged commands. The issue is due to the program not checking file permissions on the .kdbgrc file. This may allow an attacker to insert custom commands to be run in the context of another user.

Classification

Location: Local Access Required
Attack Type: Attack Type Unknown
Impact: Impact Unknown
Disclosure: Vendor Verified

Solution

Upgrade to version 1.9.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Vendor: Johannes Sixt
Product: KDbg
Versions: 1.2.8, 1.2.9, 1.9.1, 1.9.2

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/4235