hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via shell metacharacters in command-line arguments, as demonstrated by the second argument in a down action.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Hsolink | Pharscape | 1.0.118 (including) | 1.0.118 (including) |
| Hsolink | Ubuntu | lucid | * |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590670
- http://ftp.de.debian.org/debian/pool/main/h/hsolink/hsolink_1.0.118.orig.tar.gz
- http://secunia.com/advisories/40713
- http://www.osvdb.org/66649
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590670
- http://ftp.de.debian.org/debian/pool/main/h/hsolink/hsolink_1.0.118.orig.tar.gz
- http://secunia.com/advisories/40713
- http://www.osvdb.org/66649