MagicSpam 2016-06-24 Security Vulnerability Full Disclosure

Want to keep up to date with the latest updates on MagicSpam? Here's where to get the goods on what's new in the world of MagicSpam developments!

Moderators: wizard, magicspam

Post Reply
magicspam
Posts: 1552
Joined: Tue Oct 28, 2008 2:27 pm

MagicSpam 2016-06-24 Security Vulnerability Full Disclosure

Post by magicspam » Fri Sep 09, 2016 9:14 am

Summary

Local privilege escalation on select MagicSpam binaries on Linux based systems could expose ability of curl to overwrite arbitrary system files when manipulated by a local server shell account.

Security Rating

MagicSpam has assigned this vulnerability a CVSSv2 score of 6.6

AV:L/AC:M/Au:S/C:C/I:C/A:C/E:U/RL:OF/CDP:L/TD:M/CR:M/IR:M/AR:M
https://bit-sentinel.com/common-vulnera ... /IR:M/AR:M

Description

On Linux based systems, a non privileged shell account could utilize curl local options configuration to force an override of remote files to download and the corresponding destination file to write to. In conjunction with a call to specific binaries shipped with MagicSpam that use 'privileged' escalation for system interaction, this in turn could result in arbitrary system files to be overwritten. This vulnerability can only be exploited by a local system user either exposed via a separate system compromise, or a malicious or otherwise compromised local user. This cannot be exploited remotely.

Credits

This issue was discovered by Rack911 Labs (https://www.rack911labs.com)
Special thanks for their help in reporting this issue to 'Patrick' with Rack911 Labs.

Solution

This issue is resolved in MagicSpam Basic 2.0.3-2 , MagicSpam for Plesk 2.0.5-1, and MagicSpam PRO 2.1-5.3.
-- MagicSpam Support Team --

Post Reply

Return to “News and Announcements”

Who is online

Users browsing this forum: No registered users and 9 guests