[23243] in bugtraq
Re: Advisory: Berkeley pmake
daemon@ATHENA.MIT.EDU (Nicolas Gregoire)
Fri Nov 23 19:05:11 2001
Message-ID: <3bfcbbdb3d00b6e8@mel-rta8.wanadoo.fr> (added by mel-rta8.wanadoo.fr)
Date: Thu, 22 Nov 2001 09:48:20 +0100
To: Paul Starzetz <paul@starzetz.de>
Cc: bugtraq@securityfocus.com
From: Nicolas Gregoire <ngregoire@exaprobe.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"

21/11/2001 16:20:05, Paul Starzetz <paul@starzetz.de> wrote:
>1. Problem description
>----------------------
>
>There is a format string bug in Berkeley's pmake 2.1.33 and below
>(parallel make) package as well as a buffer overflow problem. Pmake is
>suid root on various Linux distributions and uses root privileges for
>binding to low TCP ports. The ordinary format string bug leads to local
>root compromise on all vulnerable machines.

Default RedHat 7.2 not vulnerable:

[root@box etc]# more /etc/redhat-release
Red Hat Linux release 7.2 (Enigma)
[root@box etc]# uname -a
Linux box 2.4.9-13 #1 Tue Oct 30 20:11:04 EST 2001 i686 unknown
[root@box etc]# ls -l `which pmake`
-rwxr-xr-x 1 root root 95708 aoû 21 12:55 /usr/bin/pmake

pmake isn't SUID root.

Nicolas Grégoire
http://www.exaprobe.com