Local privilege escalation via insecure file permissions (CVE-2016-1611)

Document ID:7017689
Creation Date:09-Jun-2016
Modified Date:30-Jun-2016
- Micro Focus Products:
  Filr

Environment

Novell Filr 2.0
Novell Filr 1.2

Situation

A privilege escalation vulnerability was found in Filr 1.2/2.0 that may allow a local attacker to elevate privileges to root via an unspecified file with insecure file permissions.

Resolution

A fix for this issue is available in the Filr 2.0 Hot Patch 2 and Filr 1.2 Hot Patch 6, available via the Novell Patch Finder.

Additional Information

See also: TID 7017791

CVE-2016-1611.
Special thanks to Wolfgang Ettlinger working with SEC Consult Vulnerability Lab for reporting this vulnerability to Micro Focus.