VULHUB ™

It is reported that I-Spy is susceptible to a privilege escalation vulnerability in its 'runbin' binary. The 'runbin' binary uses its argv[0] to determine both the name of a binary to run, and the path to that binary. 'runbin' is installed setuid root by default. An attacker with local interactive access to a computer with an affected version of I-Spy installed would be able to exploit this fact to cause attacker specified binaries to be run as the superuser. I-Spy version 2.x is reported vulnerable to this issue.

It is reported that I-Spy is susceptible to a privilege escalation vulnerability in its 'runbin' binary. The 'runbin' binary uses its argv[0] to determine both the name of a binary to run, and the path to that binary. 'runbin' is installed setuid root by default. An attacker with local interactive access to a computer with an affected version of I-Spy installed would be able to exploit this fact to cause attacker specified binaries to be run as the superuser. I-Spy version 2.x is reported vulnerable to this issue.