Expect is a freely available tool designed for automating interactive programs such as telnet, ftp, and so forth. The program was originally written by Don Libes. When executing, Expect searches insecure directories, such as /var/tmp, for dynamic libraries. This makes it possible for a local user to place a malicious library in /var/tmp and have its code executed with the privileges of the user running Expect. This problem could lead to an arbitrary local user gaining administrative access.
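To check a system for the condition described above, the following added example (not code from the advisory or from Expect) audits a colon-separated library search path for directories in which an untrusted user could create files. The function names and the `trusted_uids` parameter are hypothetical, and it assumes the search path has already been obtained, for instance from `LD_LIBRARY_PATH` or from the RPATH/RUNPATH entry printed by `readelf -d`.

```python
import os
import stat


def writable_by_untrusted(path, trusted_uids=(0,)):
    """Return a reason if a user outside trusted_uids can create files in path, else None."""
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        return "not a directory"
    if st.st_mode & stat.S_IWOTH:
        # The sticky bit (as on /var/tmp) only restricts delete and rename;
        # any local user can still create a new file there.
        return "world-writable"
    if st.st_mode & stat.S_IWGRP:
        # Conservative: flagged regardless of which group owns the directory.
        return "group-writable"
    if st.st_uid not in trusted_uids:
        return f"owned by untrusted uid {st.st_uid}"
    return None


def audit_search_path(search_path, trusted_uids=(0,)):
    """Return [(entry, reason)] for every unsafe entry of a colon-separated search path."""
    findings = []
    for entry in search_path.split(":"):
        if not os.path.isabs(entry):
            findings.append((entry, "empty or relative entry, resolved against the current directory"))
            continue
        # A missing directory is unsafe if its nearest existing ancestor is
        # writable, because the directory can then be created by someone else.
        probe = entry
        while not os.path.exists(probe):
            probe = os.path.dirname(probe)
        reason = writable_by_untrusted(probe, trusted_uids)
        if reason:
            suffix = "" if probe == entry else f" (nearest existing ancestor {probe})"
            findings.append((entry, reason + suffix))
    return findings


if __name__ == "__main__":
    # Constructed search path for illustration; not taken from the Expect binary.
    for entry, reason in audit_search_path("/usr/lib:/var/tmp:"):
        print(f"{entry!r}: {reason}")
```

Any entry this reports should be removed from the search path or replaced by a directory that only the administrator can write to.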