CVE-2015-0926

Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 3.1 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.kb.cert.org/vuls/id/637068	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:labtech_software:labtech:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-02-01 02:59

Updated : 2015-02-03 15:20

NVD link : CVE-2015-0926

Mitre link : CVE-2015-0926

CVE.ORG link : CVE-2015-0926

JSON object : View

Products Affected

labtech_software

labtech

CWE

CWE-284

Improper Access Control

6.8 /10