[17478] in bugtraq
Re: MDKSA-2000:065 - Linux-Mandrake not affected by dump
daemon@ATHENA.MIT.EDU (Adam Knight)
Sat Nov 4 00:58:14 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GSO.4.21.0011021759250.28133-100000@admin3.jump.net>
Date: Thu, 2 Nov 2000 18:01:54 -0600
Reply-To: Adam Knight <ahknight@JUMP.NET>
From: Adam Knight <ahknight@JUMP.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20001102152247.A30551@mandrakesoft.com>
You know, I tried this on Redhat 6.2, two different installs, and got the result
they're saying here. Perhaps this is only on *some* Redhat installs? Anyone
have an idea as to what would cause this to fail/succeed? My copy is certainly
SUID root, but the binary it made was SUID me.
On Thu, 2 Nov 2000, Linux Mandrake Security Team wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>________________________________________________________________________
>
> Linux-Mandrake Security Update Advisory
>________________________________________________________________________
>
>Package name: dump
>Date: November 2nd, 2000
>Advisory ID: MDKSA-2000:065
>
>Affected versions: None
>________________________________________________________________________
>
>Problem Description:
>
> In some instances, if dump is suid root, it can be used to gain root
> access. Two exploits have been published to prove this.
>________________________________________________________________________
>
>Linux-Mandrake ships dump suid root, however both exploits do not work
>under Linux-Mandrake. The end result is a shell that is suid by the
>user attempting the exploit, and not suid root which is the intended
>result.
>________________________________________________________________________
--
____________________________________________________________________________
Adam Knight ahknight@jump.net
MIS Developer http://www.jump.net
______________________________Codito, ergo sum______________________________
Allen's Axiom:
When all else fails, read the instructions.
