Viscosity ViscosityHelper Symlink Attack Local Privilege Escalation
High Nessus Plugin ID 65700
SynopsisThe remote host is affected by a privilege escalation vulnerability.
DescriptionThe remote host has a version of Viscosity VPN client installed that has a path name validation flaw in the setuid-set ViscosityHelper binary. This flaw can be exploited to execute arbitrary code with root privileges.
SolutionUpgrade to Viscosity 1.4.2 or later.