FruityWiFi is a wireless network auditing tool. The application can be installed on any Debian-based system (Jessie) by adding the extra packages. It has been tested on Debian, Kali Linux, Kali Linux ARM (Raspberry Pi), Raspbian (Raspberry Pi), Pwnpi (Raspberry Pi), Bugtraq, and NetHunter.
Description
During the analysis, it was observed that the software's sudoers permissions can be abused to perform a privilege escalation attack. An attacker with fruitywifi user privileges can exploit issue #276 to gain complete root access by executing commands as the superuser. Because the software has excessive sudo rights defined, privileges can be elevated without supplying any password by running a single command:
sudo bash
Identified By: loopspell
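One way a defender could audit a sudoers file for the kind of rule described above, a passwordless grant of ALL to a single account. This is an added example, not FruityWiFi's code: the sudoers fragment is constructed (the page does not show the real entry), and the function names are hypothetical.

```python
import re

# Constructed sample: the page does not show FruityWiFi's actual sudoers entry.
SAMPLE_SUDOERS = """\
# constructed sudoers fragment
Defaults env_reset
root ALL=(ALL:ALL) ALL
fruitywifi ALL=(ALL) NOPASSWD: ALL
backup ALL=(root) NOPASSWD: /usr/bin/rsync, \\
    PASSWD: ALL
"""

SPEC = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?P<rest>.+)$")
TAG = re.compile(r"^(?P<tag>[A-Z_]+):\s*")


def logical_lines(text):
    """Yield (first line number, text) with continuations joined, comments dropped."""
    buf, start = "", None
    for number, raw in enumerate(text.splitlines(), 1):
        start = start or number
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        line = (buf + raw).split("#", 1)[0].strip()
        if line:
            yield start, line
        buf, start = "", None


def passwordless_all(text, user):
    """Return (line number, rule) for rules letting `user` run ALL without a password."""
    findings = []
    for number, line in logical_lines(text):
        spec = SPEC.match(line)
        if not spec or spec["who"] != user:
            continue
        rest = re.sub(r"\([^)]*\)", "", spec["rest"])  # drop Runas lists
        nopasswd = False  # sudo asks for a password unless NOPASSWD is set
        for cmd in rest.split(","):
            cmd = cmd.strip()
            while (tag := TAG.match(cmd)):
                if tag["tag"] in ("NOPASSWD", "PASSWD"):
                    nopasswd = tag["tag"] == "NOPASSWD"  # tag carries to later commands
                cmd = cmd[tag.end():]
            if nopasswd and cmd == "ALL":
                findings.append((number, line))
                break
    return findings
```

Feed it the contents of /etc/sudoers and each file under /etc/sudoers.d; it does not expand User_Alias or group (%name) entries, so `sudo -l -U <user>` remains the authoritative view of what an account may run.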