Local Privilege Escalation in IBM OmniFind Enterprise Edition
CVE-2010-4236

Currently unrated

Key Information:

Vendor: IBM
Status: Omnifind
Vendor: CVE Published:; 12 November 2010

Summary

The untrusted search path vulnerability in IBM OmniFind Enterprise Edition allows local users to exploit the ES_LIBRARY_PATH environment variable and a modified PATH environment variable to gain elevated privileges when executing the estasklight program. This vulnerability poses a significant risk by enabling unauthorized access to system functionalities, making it essential for users to update to a secure version to mitigate potential threats.

References

http://www.securityfocus.com/archive/1/514688/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.exploit-db.com/exploits/15475

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/44740

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Nov 12, 2010
Vulnerability Reserved
Nov 12, 2010