CVE-2016-1611

high

Description

Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's content with arbitrary shell commands.

References

https://www.novell.com/support/kb/doc.php?id=7017689

https://www.exploit-db.com/exploits/40161/

http://www.securityfocus.com/bid/92113

http://seclists.org/bugtraq/2016/Jul/119

Details

Source: Mitre, NVD

Published: 2016-08-01

Updated: 2026-05-06

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00054