PT-1999-1769 · Acushop · Acushop Salesbuilder
Publicado
1999-07-30
·
Atualizado
2016-10-18
·
CVE-1999-1536
CVSS v2.0
7.2
Alta
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
AcuShop Salesbuilder (affected versions not specified)
Description:
The issue concerns the .sbstart startup script in AcuShop Salesbuilder, which has world-writable permissions. This allows local users to escalate their privileges by appending malicious commands to the file.
Recommendations:
For all affected versions, consider changing the permissions of the .sbstart startup script to prevent world-writable access, thereby restricting the ability of local users to modify the file and gain elevated privileges.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Acushop Salesbuilder