VULHUB ™

A vulnerability has been discovered in NetUP UTM that may allow a user who is capable of executing code locally, gain elevated privileges. The problem occurs due to the 'nobody' users sudoers entry allowing the use of the '/bin/mv' utility with root privileges. As a result, a malicious user with 'nobody' privileges may be capable of gaining root privileges on a target system.

A vulnerability has been discovered in NetUP UTM that may allow a user who is capable of executing code locally, gain elevated privileges. The problem occurs due to the 'nobody' users sudoers entry allowing the use of the '/bin/mv' utility with root privileges. As a result, a malicious user with 'nobody' privileges may be capable of gaining root privileges on a target system.