Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers prior to 10.11.013310 and 10.12.x prior to 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
honeywell intermec_pm42_firmware |
||
honeywell intermec_pm43_firmware |
||
honeywell intermec_pm23_firmware |
||
honeywell intermec_pd43_firmware |
||
honeywell intermec_pc42_firmware |
||
honeywell intermec_pc23_firmware |
||
honeywell intermec_pc43_firmware |