PT-2016-4889 · Novell · Novell Filr
W. Ettlinger
·
Published
2016-08-01
·
Updated
2017-09-03
·
CVE-2016-1611
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Novell Filr versions 1.2 before Hot Patch 6
Novell Filr versions 2.0 before Hot Patch 2
Description
The issue allows local users to gain privileges by replacing the content of a specific file with arbitrary shell commands, due to world-writable permissions for /etc/profile.d/vainit.sh.
Recommendations
For Novell Filr version 1.2, apply Hot Patch 6 to resolve the issue.
For Novell Filr version 2.0, apply Hot Patch 2 to resolve the issue.
As a temporary workaround, consider restricting write access to the /etc/profile.d/vainit.sh file until a patch is applied.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Novell Filr