PT-1999-1769 · Acushop · Acushop Salesbuilder

Published

1999-07-30

Updated

2016-10-18

CVE-1999-1536

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: AcuShop Salesbuilder (affected versions not specified)

Description: The issue concerns the .sbstart startup script in AcuShop Salesbuilder, which has world-writable permissions. This allows local users to escalate their privileges by appending malicious commands to the file.

Recommendations: For all affected versions, consider changing the permissions of the .sbstart startup script to prevent world-writable access, thereby restricting the ability of local users to modify the file and gain elevated privileges.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-1999-1536

Affected Products

Acushop Salesbuilder

PT-1999-1769 · Acushop · Acushop Salesbuilder

CVE-1999-1536

Related Identifiers

Affected Products

References · 4