MTools MFormat Privilege Escalation Vulnerability

It has been reported that mformat is prone to a privilege escalation vulnerability when installed as a setUID application. This issue is due to a design error allowing a user to create any arbitrary files as the root user.

A local attacker could exploit this issue by forcing the creation of sensitive system files that already exist. When the application formats the specified files, the target system file will be overwritten, destroying sensitive system data. Since the files that are given permissions 0666 and owned by root, the attacker may alter overwritten system configuration files, allowing for a escalation of privileges.


Privacy Statement
Copyright 2010, SecurityFocus