CVE-2000-0781

Name of the Vulnerable Software and Affected Versions ARCServeIT Client Agent version 6.62

Description The issue arises from the uagentsetup in ARCServeIT Client Agent, which fails to properly check for the existence or ownership of a temporary file. This temporary file is later moved to the agent.cfg configuration file. As a result, local users can execute arbitrary commands by modifying the temporary file before it is moved.

Recommendations For ARCServeIT Client Agent version 6.62, consider restricting access to the temporary file used by uagentsetup to prevent unauthorized modifications until a patch is available. Additionally, monitor the agent.cfg configuration file for any suspicious changes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.