Vendor: USB Creator
By: Solar Designer
CVSS: 8.8 HIGH
Privilege Escalation
CWE: 264
Product Name: USB Creator
Affected Version From: Ubuntu Precise (12.04LTS) <= usb-creator: 0.2.38.3ubuntu
Affected Version To: Ubuntu Utopic (14.10) <= usb-creator 0.2.62ubuntu0.2
Patch Exists: YES
Related CWE: CVE-2015-1337
CPE: o:ubuntu:ubuntu_linux:12.04
Metasploit: N/A
Other Scripts:
https://www.infosecmatter.com/nessus-plugin-library/?id=106349, https://www.infosecmatter.com/nessus-plugin-library/?id=500424, https://www.infosecmatter.com/nessus-plugin-library/?id=89117, https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/windows/fileformat/ms15_020_shortcut_icon_dllloader, https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/windows/local/cve_2017_8464_lnk_lpe, https://www.infosecmatter.com/nessus-plugin-library/?id=127201, https://www.infosecmatter.com/nessus-plugin-library/?id=101815, https://www.infosecmatter.com/list-of-metasploit-windows-exploits-detailed-spreadsheet/, https://www.infosecmatter.com/nessus-plugin-library/?id=104997, https://www.infosecmatter.com/nessus-plugin-library/?id=107004
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2015
Privilege Escalation in Ubuntu via USB Creator
A vulnerability in the USB Creator utility of Ubuntu allows an attacker to gain root privileges on the system. The USB Creator utility does not properly sanitize user-supplied input when running in KVM mode, so an attacker can supply malicious input that the utility then executes with root privileges. This can be done by creating a shared library file containing malicious code and supplying it as an argument to the USB Creator utility. Because the malicious code runs with root privileges, the attacker gains full control of the system.
Mitigation:
Upgrade to the latest version of the USB Creator utility.