MagicSpam 2016-06-24 Security Vulnerability Full Disclosure
Posted: Fri Sep 09, 2016 9:14 am
Summary
A local privilege escalation in select MagicSpam binaries on Linux-based systems could allow a local server shell account to manipulate curl into overwriting arbitrary system files.
Security Rating
MagicSpam has assigned this vulnerability a CVSSv2 score of 6.6
AV:L/AC:M/Au:S/C:C/I:C/A:C/E:U/RL:OF/CDP:L/TD:M/CR:M/IR:M/AR:M
https://bit-sentinel.com/common-vulnera ... /IR:M/AR:M
Description
On Linux-based systems, a non-privileged shell account could use curl's local options configuration to override which remote files are downloaded and the destination file they are written to. Combined with a call to specific binaries shipped with MagicSpam that use 'privileged' escalation for system interaction, this could result in arbitrary system files being overwritten. The vulnerability can only be exploited by a local system user: either an account exposed through a separate system compromise, or a malicious or otherwise compromised local user. It cannot be exploited remotely.
Credits
This issue was discovered by Rack911 Labs (https://www.rack911labs.com)
Special thanks to 'Patrick' with Rack911 Labs for help in reporting this issue.
Solution
This issue is resolved in MagicSpam Basic 2.0.3-2, MagicSpam for Plesk 2.0.5-1, and MagicSpam PRO 2.1-5.3.
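An audit aid for the condition in the Description, added here and not part of MagicSpam's advisory or fix: it parses per-user `.curlrc` files and reports directives that redirect curl's source URL or output file. The risky-option list, the `/home` layout and the sample content are assumptions of this example.

```python
import re
from pathlib import Path

# Options that change what curl fetches or where it writes. The selection is
# this example's assumption, taken from curl's documented option names.
RISKY = {"url", "output", "output-dir", "remote-name", "remote-name-all", "config"}
SHORT = {"o": "output", "O": "remote-name", "K": "config"}

def parse_curlrc(text):
    """Yield (line number, option name, value) for each directive."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("-") and not line.startswith("--"):
            # Short form: one letter, value attached or after whitespace.
            name, value = SHORT.get(line[1:2], line[1:2]), line[2:]
        else:
            # Long form, with or without "--"; separator is space, "=" or ":".
            parts = re.split(r"[\s=:]+", line.lstrip("-"), maxsplit=1)
            name, value = parts[0], parts[1] if len(parts) > 1 else ""
        yield lineno, name, value.strip().strip('"')

def risky_directives(text):
    """Return the directives that redirect curl's source or destination."""
    return [d for d in parse_curlrc(text) if d[1] in RISKY]

def scan_homes(root="/home"):
    """Map each readable <root>/<user>/.curlrc to its risky directives."""
    report = {}
    for rc in sorted(Path(root).glob("*/.curlrc")):
        try:
            hits = risky_directives(rc.read_text(errors="replace"))
        except OSError:
            continue  # unreadable file: skip rather than abort the audit
        if hits:
            report[str(rc)] = hits
    return report

# Constructed sample, not taken from the advisory.
SAMPLE = """# user preferences
silent
url = "https://example.invalid/file.dat"
-o /tmp/constructed-target
--user-agent demo
"""

if __name__ == "__main__":
    for lineno, opt, val in risky_directives(SAMPLE):
        print(f"line {lineno}: {opt} -> {val}")
    print(scan_homes())
```

curl skips its default config file when `-q` (`--disable`) is the first argument on the command line, which is worth checking for in any privileged helper that shells out to curl.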