Vulnerability Note VU#637068
LabTech contains privilege escalation vulnerability
Original Release date: 23 Jan 2015 | Last revised: 29 Jan 2015

Overview
LabTech startup scripts and directories on Linux platforms are world-writeable and the scripts execute with root privileges.

Description
CWE-284: Improper Access Control
LabTech startup scripts and directories on Linux platforms are world-writeable and the scripts execute with root privileges.

Impact
A local, authenticated attacker may be able to gain root access to the system.

Solution
Apply an Update

This issue has been fixed in Labtech versions 100.237 and above, which is currently in beta at the time of this writing. Customers who wish to acquire this version must sign up for Labtech’s Beta program. Customers who are not able to upgrade or acquire version 100.237 of the software should consider the following workaround:
Remove world-writable access

Users who are unable to upgrade can manually remove world-writable permissions to the Labtech directories and startups scripts in order to mitigate this vulnerability.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate UpdatedLabTech SoftwareAffected-20 Jan 2015If you are a vendor and your product is affected, let
us know.

CVSS Metrics (Learn More)

Group
Score
Vector

Base
6.8
AV:L/AC:L/Au:S/C:C/I:C/A:C

Temporal
5.8
E:POC/RL:U/RC:UR

Environmental
5.8
CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

http://www.labtechsoftware.com/

Credit

Thanks to Iwan Boskamp for reporting this vulnerability.
This document was written by Todd Lewellen.

Other Information

CVE IDs:
CVE-2015-0926

Date Public:
23 Jan 2015

Date First Published:
23 Jan 2015

Date Last Updated:
29 Jan 2015

Document Revision:
23

FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email.

Leave a Reply