FreeBSD BubbleMon Privilege Elevation Vulnerability

BubbleMon is a visual system monitor utility.

A feature of BubbleMon allows users to specify up to two programs or shell scripts, with arguments, which will be executed on a left- or middle-mouse click within the BubbleMon icon.

FreeBSD releases of BubbleMon prior to the current version (1.32) will execute these supplied commands with inappropriately high privilege. By creating a malicious script, then specifying its path to BubbleMon, an attacker can execute arbitrary commands with the privilege level of kmem.
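
The general mitigation for this class of bug, shown as an added example (not BubbleMon's code, and not necessarily how version 1.32 fixed it): a program that holds extra group privilege drops it permanently in the child before running a user-supplied command. It assumes the monitor is installed set-group-ID kmem, which the advisory does not state; `drop_privileges` and `run_user_command` are hypothetical names.

```c
#define _GNU_SOURCE   /* setresgid/setresuid on glibc; FreeBSD declares them by default */
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently discard set-id privilege: real, effective and saved IDs
 * all become the invoking user's real IDs. Returns 0 on success. */
int drop_privileges(void)
{
    gid_t rgid = getgid(), r, e, s;
    uid_t ruid = getuid(), ur, ue, us;

    /* Group first: after the uid is dropped the gid may no longer be changeable. */
    if (setresgid(rgid, rgid, rgid) != 0) return -1;
    if (setresuid(ruid, ruid, ruid) != 0) return -1;

    /* Verify the result instead of trusting the return codes alone. */
    if (getresgid(&r, &e, &s) != 0 || r != rgid || e != rgid || s != rgid) return -1;
    if (getresuid(&ur, &ue, &us) != 0 || ur != ruid || ue != ruid || us != ruid) return -1;
    return 0;
}

/* Hypothetical click handler: run the user's command in a child that has
 * dropped privilege first. Returns the command's exit status, or -1. */
int run_user_command(const char *cmd)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_privileges() != 0) _exit(126);  /* refuse to run while privileged */
        /* Descriptors opened while privileged must be close-on-exec,
         * otherwise the command inherits them despite the ID drop. */
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    return run_user_command("id");   /* constructed sample command */
}
```

When built and installed set-group-ID, the `id` output from the child should show no effective group beyond the invoking user's own.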


 

Copyright 2010, SecurityFocus