The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files.
References
Link | Resource |
---|---|
http://secunia.com/advisories/51415 | |
https://twitter.com/georgiaweidman/statuses/269138431567855618 | Vendor Advisory |
https://www.htbridge.com/advisory/HTB23123 | Exploit |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2014-10-20T16:00:00
Updated: 2014-10-20T15:57:00
Reserved: 2012-10-29T00:00:00
Link: CVE-2012-5697
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-10-20T16:55:06.010
Modified: 2014-12-16T17:23:34.680
Link: CVE-2012-5697
JSON object: View
Redhat Information
No data.
CWE