[21096] in bugtraq
Re: pmpost - another nice symlink follower
daemon@ATHENA.MIT.EDU (Lynton Clamp)
Tue Jun 19 10:51:29 2001
Date: Tue, 19 Jun 2001 11:08:06 +0200
From: Lynton Clamp <lynton@nobarrier.co.za>
To: Paul Starzetz <paul@starzetz.de>
Cc: "bugtraq @ securityfocus . com" <bugtraq@securityfocus.com>
Message-ID: <20010619110806.E5622@ash.nobarrier.co.za>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
In-Reply-To: <3B2E3638.F3E822E4@starzetz.de>; from paul@starzetz.de on Mon, Jun 18, 2001 at 19:11:20 +0200

Found the same on one of our SuSE 7.1 workstations and can confirm that it
works on that as well.

Regards,
Lynton

On 2001.06.18 19:11:20 +0200 Paul Starzetz wrote:
> Hi,
>
> there is a symlink handling problem in the pcp suite from SGI. The
> binary pmpost will follow symlinks; if setuid root, this leads to instant
> root compromise, as found on SuSE 7.1 (I doubt that this is a default SuSE
> package, though).
>
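
The bug class described in the quoted report, as an added example that is not part of either message and is not pmpost's code (the page does not show how pmpost opens its file): a naive append-open that follows a symlink, beside a hardened open using O_NOFOLLOW and an fstat check. The function names, scratch paths and file contents are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Naive pattern: open() resolves a symlink in the final path component. */
int naive_open_append(const char *path)
{
    return open(path, O_WRONLY | O_APPEND | O_CREAT, 0644);
}

/* Hardened pattern: refuse a symlink as the final component, then verify
 * the opened descriptor (not the path) is a regular file with one link. */
int safe_open_append(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return -1;         /* Linux reports ELOOP for a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed demo in a private scratch directory. Returns a bitmask:
 * 1 = naive open wrote through the link, 2 = hardened open rejected the
 * link, 4 = hardened open accepted a plain file. */
int demo(void)
{
    char dir[] = "/tmp/symlink-demo-XXXXXX", target[64], lnk[64], plain[64];
    struct stat st; int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/log", dir);
    snprintf(plain, sizeof plain, "%s/plain", dir);
    close(open(target, O_WRONLY | O_CREAT, 0600));
    if (symlink(target, lnk) != 0) return -1;
    if ((fd = naive_open_append(lnk)) >= 0) {
        if (write(fd, "x", 1) == 1 && stat(target, &st) == 0 && st.st_size == 1)
            result |= 1;           /* the byte landed in the link's target */
        close(fd);
    }
    if (safe_open_append(lnk) < 0) result |= 2;
    if ((fd = safe_open_append(plain)) >= 0) { result |= 4; close(fd); }
    unlink(lnk); unlink(target); unlink(plain); rmdir(dir);
    return result;
}
```

O_NOFOLLOW only guards the final path component, so a setuid program should additionally drop privileges before opening paths in directories other users can write to.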