BestCrypt Arbitrary Privileged Program Execution Vulnerability

BestCrypt is an encryption product that allows users to create encrypted loopback filesystems.

A vulnerability exists in the 'bctool' command-line interface program used with BestCrypt. When 'fsck' is executed for a specific filesystem type, 'bctool' attempts to execute the 'fsck' utility appropriate for the specified filesystem. It locates that utility by relying on the PATH environment variable.

Attackers can use this vulnerability to execute an arbitrary program with effective user 'root' privileges.
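
The PATH-dependent lookup described above, next to a hardened form, as an added C example that is not BestCrypt's code. The function names, the `/sbin` helper directory and the `fsck.<type>` helper naming are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define FSCK_DIR "/sbin"  /* assumed helper directory, not from the advisory */

/* Fixed environment for the helper: nothing is inherited from the caller. */
static char *const clean_env[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };

/* Pattern the advisory describes: execvp() searches the caller's PATH, so a
 * privileged program runs whichever "fsck.<type>" that PATH finds first. */
int run_fsck_path_search(const char *fstype, const char *device)
{
    char name[32];
    snprintf(name, sizeof name, "fsck.%s", fstype);
    char *const argv[] = { name, (char *)device, NULL };
    execvp(name, argv);
    return -1;  /* reached only if exec failed */
}

/* Build "<FSCK_DIR>/fsck.<fstype>". Returns 0, or -1 when fstype is empty,
 * longer than 16 bytes, or has any byte outside [A-Za-z0-9_] (no '/' or '.'). */
int build_fsck_path(const char *fstype, char *out, size_t outlen)
{
    size_t n = fstype ? strlen(fstype) : 0;
    if (out == NULL || n == 0 || n > 16) return -1;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)fstype[i]) && fstype[i] != '_') return -1;
    int w = snprintf(out, outlen, "%s/fsck.%s", FSCK_DIR, fstype);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}

/* Hardened form: absolute path, no PATH lookup, fixed environment. */
int run_fsck_hardened(const char *fstype, const char *device)
{
    char path[64];
    if (build_fsck_path(fstype, path, sizeof path) != 0) return -1;
    char *const argv[] = { path, (char *)device, NULL };
    execve(path, argv, clean_env);
    return -1;  /* reached only if exec failed */
}

int main(void)
{
    char path[64];  /* prints the resolved helper path without executing it */
    if (build_fsck_path("ext2", path, sizeof path) == 0) puts(path);
    return build_fsck_path("../x", path, sizeof path) == -1 ? 0 : 1;
}
```
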

Copyright 2010, SecurityFocus