FIDOGATE Logfile Path Input Validation Vulnerability

FIDOGATE is prone to an input validation error that may permit local users to append to or create files with the privileges of the program. The source of the problem is that the attacker may control the location of the logfile. Since the program is typically setuid 'news', this could be exploited to append to or create files in the context of that user.

This issue would only affect versions of the software for UNIX/Linux variants.


 

Privacy Statement
Copyright 2010, SecurityFocus