[24835] in bugtraq
Etnus TotalView 5.
daemon@ATHENA.MIT.EDU (Andrew Griffiths)
Tue Mar 26 13:47:09 2002
Date: Tue, 26 Mar 2002 21:49:06 +1100 (EST)
Message-Id: <200203261049.g2QAn6r25410@picton-ext.nt.tas.gov.au>
From: "Andrew Griffiths" <nullptr@tasmail.com>
To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-type: text/plain; charset=us-ascii
Program: Etnus TotalView
Version: 5.0.0-4
DESCRIPTION
-----------
TotalView is a multiprocess source-level debugger for programs written
in the C, C++, and Fortran programming languages. TotalView is part of
a suite of programming tools from Etnus, LLC.
PROBLEM
-------
Failed to install the files owned by root:root, which leads to possible root
comprise. If you have uid 5039, or can get it, or a gid of 59, or can get it,
you can exploit the condition.
VENDOR STATUS
-------------
Vendor was informed, and promptly fixed it; if affected you can download the new version.
The version tested was 5.0.0-4 for Linux. I don't know if affects any other versions.
DEMONSTRATION
-------------
[andrewg@blackhole advisories]$ ls -alF /usr/local/toolworks/
total 16
drwxrwxr-x 4 root root 4096 Mar 24 16:29 ./
drwxr-xr-x 19 root root 4096 Mar 24 16:29 ../
drwxrwxr-x 5 root root 4096 Mar 24 16:29 flexlm-6.1/
drwxrwxr-x 12 root root 4096 Mar 24 16:29 totalview.5.0.0-4/
[andrewg@blackhole advisories]$ ls -alF /usr/local/toolworks/totalview.5.0.0-4/
total 56
drwxrwxr-x 12 root root 4096 Mar 24 16:29 ./
drwxrwxr-x 4 root root 4096 Mar 24 16:29 ../
drwxrwxr-x 2 5039 59 4096 Mar 24 16:29 bin/
drwxrwxr-x 3 5039 59 12288 Jan 8 01:33 bitmaps/
drwxrwxr-x 2 5039 59 4096 Jan 8 01:36 fonts/
drwxrwxr-x 4 5039 59 4096 Feb 8 02:43 help/
drwxrwxr-x 2 5039 59 4096 Jan 9 06:31 include/
drwxrwxr-x 2 5039 59 4096 Jan 9 06:31 lib/
drwxrwxr-x 7 5039 59 4096 Jan 8 02:12 linux-x86/
drwxrwxr-x 3 5039 59 4096 Jan 8 01:36 man/
drwxrwxr-x 2 5039 59 4096 Jan 8 01:27 mri/
drwxrwxr-x 3 5039 59 4096 Jan 9 06:30 X11/
[andrewg@blackhole advisories]$ ls -alF /usr/local/toolworks/flexlm-6.1/
total 32
drwxrwxr-x 5 root root 4096 Mar 24 16:29 ./
drwxrwxr-x 4 root root 4096 Mar 24 16:29 ../
drwxrwxr-x 2 5039 59 4096 Jan 8 01:25 bin/
drwxrwxr-x 4 5039 59 4096 Jan 8 01:25 doc/
drwxrwxr-x 3 5039 59 4096 Jan 8 02:12 i386-linux/
-r--r--r-- 1 5039 59 228 Jan 8 01:24 license.opt.src
-r--r--r-- 1 5039 59 6959 Jan 8 01:24 README
[andrewg@blackhole advisories]$ ls -alF /usr/local/toolworks/flexlm-6.1/i386-linux/bin/
total 3244
drwxrwxr-x 2 5039 59 4096 Jan 8 02:12 ./
drwxrwxr-x 3 5039 59 4096 Jan 8 02:12 ../
-r-xr-xr-x 10 5039 59 260572 Jan 8 02:12 lmcksum*
-r-xr-xr-x 10 5039 59 260572 Jan 8 02:12 lmdiag*
-r-xr-xr-x 10 5039 59 260572 Jan 8 02:12 lmdown*
-r-xr-xr-x 1 5039 59 260244 Jan 8 02:12 lmgrd*
-r-xr-xr-x 10 5039 59 260572 Jan 8 02:12 lmhostid*
-r-xr-xr-x 10 5039 59 260572 Jan 8 02:12 lmremove*
-r-xr-xr-x 10 5039 59 260572 Jan 8 02:12 lmreread*
-r-xr-xr-x 10 5039 59 260572 Jan 8 02:12 lmstat*
-r-xr-xr-x 10 5039 59 260572 Jan 8 02:12 lmswitchr*
-r-xr-xr-x 10 5039 59 260572 Jan 8 02:12 lmutil*
-r-xr-xr-x 10 5039 59 260572 Jan 8 02:12 lmver*
-r-xr-xr-x 1 5039 59 377356 Jan 8 02:12 toolworks*
[andrewg@blackhole advisories]$ ls -alF /usr/local/toolworks/totalview.5.0.0-4/linux-x86/bin/
total 15960
drwxrwxr-x 2 5039 59 4096 Mar 24 16:29 ./
drwxrwxr-x 7 5039 59 4096 Jan 8 02:12 ../
-r-xr-xr-x 1 5039 59 4727166 Jan 8 02:15 hyperhelp*
lrwxrwxrwx 1 5039 59 13 Mar 24 16:29 totalview -> ../../bin/tv5*
lrwxrwxrwx 1 5039 59 16 Mar 24 16:29 totalviewcli -> ../../bin/tv5cli*
lrwxrwxrwx 1 5039 59 13 Mar 24 16:29 tv5 -> ../../bin/tv5*
lrwxrwxrwx 1 5039 59 16 Mar 24 16:29 tv5cli -> ../../bin/tv5cli*
-r-xr-xr-x 1 5039 59 3412128 Feb 5 01:00 tv5climain*
-r-xr-xr-x 1 5039 59 6005964 Feb 5 00:59 tv5main*
lrwxrwxrwx 1 5039 59 16 Mar 24 16:29 tvdsvr -> ../../bin/tvdsvr*
-r-xr-xr-x 1 5039 59 373208 Feb 5 01:00 tvdsvrmain*
-r-xr-xr-x 1 5039 59 1763856 Jan 8 02:16 vismain*
lrwxrwxrwx 1 5039 59 19 Mar 24 16:29 visualize -> ../../bin/visualize*
--
www.tasmail.com
