vendor: Data Protector
by: s7u55
CVSS: 6.5 MEDIUM
Privilege Escalation
CWE: 269
Product Name: Data Protector
Affected Version From: A.09.07
Affected Version To: A.10.40 build 118
Patch Exists: YES
Related CVE: CVE-2019-12982
CPE: a:micro_focus:data_protector
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Linux
2019

Micro Focus (HPE) Data Protector SUID Privilege Escalation

This module exploits the trusted `$PATH` environment variable of the SUID binary `omniresolve` in Micro Focus (HPE) Data Protector A.10.40 and prior. The `omniresolve` executable calls the `oracleasm` binary using a relative path and the trusted environment `$PATH`, which allows an attacker to execute a custom binary with `root` privileges.

Mitigation:

Upgrade to Micro Focus Data Protector A.10.40: OMNIRESOLVE, internal build 125, built on Mon Aug 19 19:22:20 2019