Advisories

ElectricCommander Local Privilege Escalation

Dell SecureWorks Security Advisory SWRX-2014-010 Wednesday, October 22, 2014

Advisory Information

Title: ElectricCommander Local Privilege Escalation
Advisory ID: SWRX-2014-010
Date published: Wednesday, October 22, 2014
CVE: CVE-2014-7180
CVSS v2 base score: 7.2
Date of last update: Wednesday, October 22, 2014
Vendors contacted: Electric Cloud, Inc.
Release mode: Coordinated
Discovered by: Sean Wright, Dell SecureWorks

Summary

ElectricCommander is a toolset that facilitates remote deployment of environment configurations from a centralized server to attached agents. Due to excessive file system permissions on two Perl source code files, an unprivileged local attacker can modify these files to insert code. The attacker's code is then executed as the privileged user running these administrative tools.

Download the PDF: SWRX-2014-010

PGP Signature

ElectricCommander Local Privilege Escalation

Advisory Information

Summary

Related Content

LV Ransomware

USAID-Themed Phishing Campaign Leverages U.S. Elections Lure

Counter Threat Unit Researchers Publish Threat Group Definitions