Arbitrary Command Execution via Insecure File Signature Checking in fcheck Prior to 2.57.59

Arbitrary Command Execution via Insecure File Signature Checking in fcheck Prior to 2.57.59

CVE-2001-0370 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

fcheck prior to 2.57.59 calls the file signature checking program insecurely, which can allow a local user to run arbitrary commands via a file name that contains shell metacharacters.

Learn more about our User Device Pen Test.