OSVDB ID: 8950 Title: Confixx File Ownership Privilege Escalation |
Info |
|
|
Dates |
||||
|
|
Description |
SWSoft Confixx contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker uses the restore function to change the ownership of arbitrary system files, including /etc/{passwd,shadow}. This flaw may lead to a loss of integrity. |
Classification |
Location:
Remote/Network Access Required
Attack Type: Information Disclosure Impact: Loss of Confidentiality Exploit: Exploit Available Disclosure: OSVDB Verified |
Solution |
Upgrade to version 3.0.3 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: disable the backup script. |
Products |
|
References |
|
Credit |
|
pirschel.de -