CVE-2017-5671

Name of the Vulnerable Software and Affected Versions Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers versions prior to 10.11.013310 Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers versions 10.12.x prior to 10.12.013309

Description The issue allows local users to conduct a jailbreak attack and obtain root privileges by overwriting the /etc/shadow file, due to /usr/bin/lua being installed setuid to the itadmin account. This enables a BusyBox jailbreak attack.

Recommendations For versions prior to 10.11.013310, update to version 10.11.013310 or later. For versions 10.12.x prior to 10.12.013309, update to version 10.12.013309 or later. As a temporary workaround, consider restricting access to the /usr/bin/lua executable until a patch is available.