Palo Alto PAN-OS Input Validation Flaw in root_reboot Lets Local Users Obtain Elevated Privileges
|
SecurityTracker Alert ID: 1036326 |
SecurityTracker URL: http://securitytracker.com/id/1036326
|
CVE Reference:
CVE-2016-1712
(Links to External Site)
|
Date: Jul 16 2016
|
Impact:
Root access via local system, User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in Palo Alto PAN-OS. A local user can obtain elevated privileges on the target system.
A local user can invoke the root_reboot utility to exploit an input validation flaw and execute arbitrary code on the target system with elevated privileges.
Kasif Dekel, CheckPoint Security Team, reported this vulnerability.
|
Impact:
A local user can obtain elevated privileges on the target system.
|
Solution:
The vendor has issued a fix (5.0.19, 5.1.12, 6.0.14, 6.1.12, 7.0.8).
The vendor's advisory is available at:
https://securityadvisories.paloaltonetworks.com/Home/Detail/45
|
Vendor URL: securityadvisories.paloaltonetworks.com/Home/Detail/45 (Links to External Site)
|
Cause:
Input validation error
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|