[3687] in bugtraq
Re: Security Problems in XMCD 2.1
daemon@ATHENA.MIT.EDU (Theo Van Dinter)
Tue Nov 26 18:23:54 1996
Date: Tue, 26 Nov 1996 16:14:48 -0500
Reply-To: Theo Van Dinter <felicity@kluge.net>
From: Theo Van Dinter <felicity@kluge.net>
X-To: "David J. Meltzer" <davem@ISS.NET>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.LNX.3.95.961126122846.12271F-100000@phoenix.iss.net>

On Tue, 26 Nov 1996, David J. Meltzer wrote:
> I have obtained the 2.1 release of XMCD and through a cursory
> examination of the code have uncovered another buffer overflow problem
> that appears to be exploitable to gain root access on the system. I have
> not verified that the hole is exploitable, although it definitely exists.
> As I stated before, if you remove the suid bit from xmcd, then you do not
> have to worry about upgrading other than for the new features that have
> been added; whether you can still function xmcd without the suid bit
> varies depending on your system.

On a side tangent, I grabbed the 2.1 binary (since I don't have the Motif
libraries under Linux...) and installed it. It's not setuid by default...

On a side tangent, the standard rule of thumb is: "If a program doesn't
really need SUID/GID, don't give it SUID/GID." ... Doesn't fix the buffer
overrun, but it doesn't give the user root either...

--
-----------------------------------------------------------------------------
Theo Van Dinter www: http://www.kluge.net/~felicity/
Vice-President WPI Lens and Lights Active Member in SocComm Films
Member of WPI ACM AME for the Masque B-Term Show
Guillotine operators get severance pay.
-----------------------------------------------------------------------------