Andrew Christensen has reported a vulnerability in ISP Manager, which can be exploited by malicious local users to gain escalated privileges.
The vulnerability is caused by an input validation error in the setuid binary usr/local/ispmgr/sbin/responder when handling arguments, and can be exploited to execute arbitrary commands with root privileges.
The vulnerability is reported in version 220.127.116.11. Other versions may also be affected.
Solution: Grant only trusted users access to the affected system.
Provided and/or discovered by: Andrew Christensen, FortConsult
Original Advisory: http://www.fortconsult.net/images/pdf/advisories/ispmgr_nov2007.pdf
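To apply the Solution above, an administrator first needs to know which setuid files any local account can execute. The following audit script is an added example, not part of the advisory or of ISP Manager; the function names are hypothetical and the directory to scan is supplied by the reader.

```shell
#!/bin/sh
# Added example: list setuid files under a directory and show who may run them.
# Usage: sh audit.sh DIR   (DIR is chosen by the reader, e.g. a product's sbin directory)

# Print one line per setuid file: "<EXPOSED|RESTRICTED> uid=<owner> <mode> <path>"
#   EXPOSED    = the "others" execute bit is set, so every local account can run it.
#   RESTRICTED = only the owner or members of the owning group can run it.
audit_setuid() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" -type f -perm -4000 2>/dev/null | sort | while IFS= read -r f; do
        # ls -ln prints the mode string and the numeric owner on GNU and BSD systems.
        set -- $(ls -ln "$f")
        mode=$1
        owner=$3
        # -perm -0001 matches only when the execute bit for "others" is set.
        if [ -n "$(find "$f" -perm -0001 2>/dev/null)" ]; then
            state=EXPOSED
        else
            state=RESTRICTED
        fi
        printf '%s uid=%s %s %s\n' "$state" "$owner" "$mode" "$f"
    done
}

# Count the setuid files that any local user can execute.
count_exposed() {
    audit_setuid "$1" | grep -c '^EXPOSED ' || true
}

if [ "$#" -gt 0 ]; then
    audit_setuid "$1"
fi
```

An EXPOSED line with uid=0 marks a setuid-root file reachable by every local user; restricting it to a trusted group (for example mode 4750) changes the line to RESTRICTED.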