Abuse Lisp scripts can be used to gain elevated privileges
| abuse-lisp-gain-privileges (11300) |  High Risk |
Description:
Abuse could allow a local attacker to gain elevated privileges on the system. If a local attacker uses a command line argument to specify alternate Lisp scripts to execute during startup, the attacker could execute arbitrary commands or modify files on the system with elevated privileges.
Consequences:
Gain Privileges
Remedy:
No remedy available as of July 9, 2011.
References:
- iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse.
- CVE-2002-1253: Abuse 2.00 and earlier allows local users to gain privileges via command line arguments that specify alternate Lisp scripts that run at escalated privileges, which can contain functions that execute commands or modify files.
Platforms Affected:
- Crack dot Com Abuse 2.00
Reported:
Nov 01, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net