Title: VariCAD File Overwrite Vulnerability
Severity: LOW
Description:
A vulnerability exists in the popular CAD application Varicad 7.0. The installation creates executable files which are world-writeable. This may allow a trojan program to overwrite program files, leaving the system open to further attacks such as replacing the executables with modified versions. In this case, an attacker may then wait for the user to run the modified binaries, which could, for example, create an suid shell in a hidden place or add to the users .rhosts file, which can lead to an elevation of privileges.
Affected Products:
- RedHat Linux 6.0.0 x
- VariCAD VariCAD 7.0.0
References:
- VariCAD: VariCAD support homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
