CVE-2012-5697 Information

Description

The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files.

Reference

http://secunia.com/advisories/51415 https://twitter.com/georgiaweidman/statuses/269138431567855618 https://www.htbridge.com/advisory/HTB23123