[3761] in bugtraq
suid_exec
daemon@ATHENA.MIT.EDU (Javier Romeu)
Fri Dec 6 21:16:24 1996
Date: Sat, 7 Dec 1996 03:03:18 +0100
Reply-To: redsecurity@netculture.net
From: Javier Romeu <redsecurity@netculture.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
Hi all,
I've been following with interest the topic brought up by Mr.
Volobuev about the suid_exec bug in ksh.
In fact, it has reminded me of some old bug in A/UX... This is what
I've found on my hd under unix/bugs/aux:
-----------------------------------------------------------------------
#Program:           ksh(1)
#Systems Affected:  Systems running ksh(1) version 11/16/88a.
                    Some A/UX versions.
#Problem:           suid_exec can be used to execute arbitrary programs as root.
                    suid_exec checks permissions on files in a poor manner, and
                    does not verify the interpreter used in a secure fashion.
#Solution:          Obtain patch from your vendor. Remove set bit from
                    suid_exec in the interim.
----------------------------------------------------------------------
Is this the same bug???
Can someone with access to A/UX machines check if they are
vulnerable too? Thanks.
Regards,
Javier.
________________________________________________________
**************** R E D S e c u r i t y ****************
Javier Romeu, Manager.
mailto:redsecurity@netculture.net
Web: http://www.netculture.net/~redsecurity
Tel: +34-3-2098048 Fax: +34-3-2048105
Specialists in Computer *Security*
********************************************************