OSVDB ID: 84709

Title: Viscosity setuid-set ViscosityHelper Binary Script Execution Symlink Local Privilege Escalation

Info

Disclosure

Aug 12, 2012

Discovery

Unknown

Dates

Exploit

Aug 12, 2012

Solution

Unknown

Description

Viscosity contains a flaw that may allow a malicious local user to gain escalated privileges. The issue is due to the setuid-set ViscosityHelper binary executing arbitrary scripts insecurely. This may allow a local attacker to use a symlink attack to gain elevated privileges.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public, Exploit Commercial
Disclosure: Third-party Verified, Uncoordinated Disclosure
OSVDB: Authentication Required

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

SparkLabs

Viscosity

1.4

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/84709