CVE-2014-7180 – ElectricCommander 4.2.4.71224 Privilege Escalation

https://notcve.org/view.php?id=CVE-2014-7180

23 Oct 2014 — Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files. Electric Cloud ElectricCommander anterior a 4.2.6 y 5.x anterior a 5.0.3 utiliza permisos de escritura universal para (1) eccert.pl y (2) ecconfigure.pl, lo que permite a usuarios locales ejecutar código Perl arbitrario mediante la modificación de estos ficheros. ElectricCommander version... • http://docs.electric-cloud.com/commander_doc/5_0_3/HTML5/ReleaseNotes/commander_releasenotes.htm • CWE-264: Permissions, Privileges, and Access Controls •