A vulnerability has been reported for DSPAM that may allow an attacker to execute arbitrary code with elevated privileges. The issue lies in the fact that DSPAM is installed world-executable and setgid by default. The DSPAM application allows a user to specify various agents via the command line. As a result, an unprivileged attacker may be capable of specifying a malicious executable to the application. When invoked, the executable will be run with the group privileges of DSPAM. This privilege escalation could assist in further attacks launched against a target system.
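The condition described above (a setgid binary that any local user may execute) can be checked for on a host. The following audit script is an added example, not part of the original advisory or of DSPAM; the function names and the default search paths `/usr/bin` and `/usr/local/bin` are assumptions, so pass the directory where DSPAM is actually installed.

```python
import os
import stat
import sys


def is_setgid_world_exec(mode):
    """True when a regular file carries setgid and is executable by 'other'."""
    return (stat.S_ISREG(mode)
            and bool(mode & stat.S_ISGID)
            and bool(mode & stat.S_IXOTH))


def audit(paths):
    """Walk each path and return (file, octal mode, gid) for every match."""
    findings = []
    for root in paths:
        if os.path.isfile(root):
            candidates = [root]
        else:
            candidates = (os.path.join(d, f)
                          for d, _, files in os.walk(root) for f in files)
        for path in candidates:
            try:
                st = os.lstat(path)   # lstat: report the entry itself, not a symlink target
            except OSError:
                continue              # entry vanished or is unreadable
            if is_setgid_world_exec(st.st_mode):
                findings.append((path, oct(stat.S_IMODE(st.st_mode)), st.st_gid))
    return findings


if __name__ == "__main__":
    # Default directories are assumed locations, not taken from the advisory.
    for path, mode, gid in audit(sys.argv[1:] or ["/usr/bin", "/usr/local/bin"]):
        print(f"{path}\tmode={mode}\tgid={gid}")
```

Each reported file runs with the privileges of the listed group for any local user, so it deserves review of what input it accepts from the caller.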