VULHUB ™

The openexec binary makes poor use of its setuid privileges when calling various helper binaries such as: cp, rm and killall. Each of the mentioned binaries winds up being called while openexec is running as root. Using the PATH environment variable it is possible to influence openbase in a manner that forces it to call the various helper binaries from a location of the attackers choice. OpenBase SQL versions 10.0 and below are affected.

The openexec binary makes poor use of its setuid privileges when calling various helper binaries such as: cp, rm and killall. Each of the mentioned binaries winds up being called while openexec is running as root. Using the PATH environment variable it is possible to influence openbase in a manner that forces it to call the various helper binaries from a location of the attackers choice. OpenBase SQL versions 10.0 and below are affected.