[14385] in bugtraq

Local root compromise in GNQS 3.50.6 and 3.50.7

daemon@ATHENA.MIT.EDU (Philippe Andersson)
Wed Mar 22 17:18:38 2000

Message-Id:  <38D8C17C.E72EBBDE@ste.scitex.com>
Date:         Wed, 22 Mar 2000 13:50:04 +0100
Reply-To: Philippe Andersson <philippe_andersson@STE.SCITEX.COM>
From: Philippe Andersson <philippe_andersson@STE.SCITEX.COM>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

A large security hole was uncovered last month in Generic-NQS ver.
3.50.6 and 3.50.7. This hole leads to immediate local root compromise.

All users of those versions are requested to upgrade to ver. 3.50.8 or
later ASAP. The updated package can be downloaded from
<http://ftp.gnqs.org/pub/gnqs/latest/production/Generic-NQS-3.50.9.tar.gz>.
(Please note that versions as of 3.50.8 fail to compile on HP-UX 11.00 -
a fix for this platform should be released later this week).

Users of previous versions are not vulnerable. The fix introduced in
ver. 3.50.8 will also log any attempt at exploiting the vulnerability.

At the request of the GNQS Maintainer, Stuart Herbert
<S.Herbert@sheffield.ac.uk>, I'm not releasing the actual exploit
technique, since it would allow any 5-year-old with a shell account on
the affected system(s) to gain root in no time.

For more information about Generic-NQS, please check
<http://www.gnqs.org/>.

Credit for the discovery goes to Gilbert Mets, Unix System Manager @
Scitex Europe, S.A.

Have a nice day.

Ph. A.

--



                                   //\\
                                   \\//
                                  ///\\\
                                  SCITEX

   /*-----------------------------------------------------------------*/
   /* Scitex Europe, S.A.      | Philippe Andersson                   */
   /* Dreve Richelle, 161, E-F,| PC & Network Specialist              */
   /* 1410 WATERLOO            | philippe_andersson@ste.scitex.com    */
   /* BELGIUM                  | +32-2-352.25.93 Fax: +32-2-352.25.84 */
   /*-----------------------------------------------------------------*/