OSVDB ID: 72119

Title: DirectAdmin Backup Creation Hard Link Check Weakness Local Privilege Escalation

Info

Disclosure

Apr 13, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Apr 13, 2011

Description

DirectAdmin contains a flaw related to a failure to properly check hard links when creating backups that may allow a local attacker to gain elevated privileges and manipulate unspecified files via hard link attacks. No further details have been provided.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Upgrade to version 1.38.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

JBMC Software

DirectAdmin

1.38.1

References

Secunia Advisory ID: 44389
Vendor Specific News/Changelog Entry: http://www.directadmin.com/features.php?id=1205

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/72119