MagicSpam 2016-06-24 Security Vulnerability Full Disclosure

magicspam · Post by **magicspam** » Fri Sep 09, 2016 9:14 am

Summary

Local privilege escalation on select MagicSpam binaries on Linux based systems could expose ability of curl to overwrite arbitrary system files when manipulated by a local server shell account.

Security Rating

MagicSpam has assigned this vulnerability a CVSSv2 score of 6.6

AV:L/AC:M/Au:S/C:C/I:C/A:C/E:U/RL:OF/CDP:L/TD:M/CR:M/IR:M/AR:M
https://bit-sentinel.com/common-vulnera ... /IR:M/AR:M

Description

On Linux based systems, a non privileged shell account could utilize curl local options configuration to force an override of remote files to download and the corresponding destination file to write to. In conjunction with a call to specific binaries shipped with MagicSpam that use 'privileged' escalation for system interaction, this in turn could result in arbitrary system files to be overwritten. This vulnerability can only be exploited by a local system user either exposed via a separate system compromise, or a malicious or otherwise compromised local user. This cannot be exploited remotely.

Credits

This issue was discovered by Rack911 Labs (https://www.rack911labs.com)
Special thanks for their help in reporting this issue to 'Patrick' with Rack911 Labs.

Solution

This issue is resolved in MagicSpam Basic 2.0.3-2 , MagicSpam for Plesk 2.0.5-1, and MagicSpam PRO 2.1-5.3.

Wizard IT Products
Skip to content