Abuse Lisp scripts can be used to gain elevated privileges
| abuse-lisp-gain-privileges (11300) |  High Risk |
Description:
Abuse could allow a local attacker to gain elevated privileges on the system. If a local attacker uses a command line argument to specify alternate Lisp scripts to execute during startup, the attacker could execute arbitrary commands or modify files on the system with elevated privileges.
Platforms Affected:
- Crack dot Com, Abuse 2.00
Remedy:
No remedy available as of November 29, 2008.
Consequences:
Gain Privileges
References:
- iDEFENSE Security Advisory 11.01.02, Buffer Overflow Vulnerability in Abuse at http://www.idefense.com/intelligence/vulnerabilities/display.php?id=43.
- CVE-2002-1253: Abuse 2.00 and earlier allows local users to gain privileges via command line arguments that specify alternate Lisp scripts that run at escalated privileges, which can contain functions that execute commands or modify files.
Reported:
Nov 01, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net