Privilege Escalation Vulnerability in Sophster Suite

Privilege Escalation Vulnerability in Sophster Suite

CVE-2004-2611 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

The Change Permissions function in the Sophster suite before 0.9.6 28 May 2004 (aka 0.9.6-r5), possibly including Sophster, FreeSophster, and FreeSophsterPAM, removes the (1) setuid, (2) setgid, and (3) sticky bits when changing a file, which might allow attackers to gain privileges or conduct other unauthorized activities.

Learn more about our Web Application Penetration Testing UK.