vendor:
JetAdmin
by:
SecurityFocus
7.5
CVSS
HIGH
Symbolic Link Following
N/A
CWE
Product Name: JetAdmin
Affected Version From: D.01.09
Affected Version To: D.01.09
Patch Exists: YES
Related CWE: N/A
CPE: a:hewlett_packard:jetadmin
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
1998
HP JetAdmin Rev. D.01.09 Vulnerability
HP's JetAdmin Rev. D.01.09 software fails to check if it is following a symbolic link, allowing an attacker to create a link from /tmp/jetadmin.log to anywhere on the filesystem, with permissions for reading and writing by everyone on the system. This can be used to gain root access.
Mitigation:
Ensure that the JetAdmin software is up to date and that the log file is not a symbolic link.