CVE-2015-7556 – DeleGate 9.9.13 - Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2015-7556

DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program. DeleGate versión 9.9.13, permite a usuarios locales alcanzar privilegios como es demostrado por el programa dgcpnod setuid. Installation of DeleGate version 9.9.13 sets some binaries setuid root and at least one of these binaries can be used to escalate the privileges of a local user. The binary dgcpnod creates a node allowing a local unprivileged user to create files anywhere on disk. By creating a file in /etc/cron.hourly a local user can execute commands as root. • https://www.exploit-db.com/exploits/39134 http://seclists.org/fulldisclosure/2015/Dec/123 http://www.vapidlabs.com/advisory.php?v=159 • CWE-269: Improper Privilege Management •