Bugtraq mailing list archives

Re: Irix: suid_exec hole

From: Kari.Hurtta () ozone fmi fi (Kari E. Hurtta)
Date: Fri, 6 Dec 1996 00:17:38 +0200


Yuri Volobuev:

Yes, one more Irix root vulnerability, and yes, it's another suid program.

ABSTRACT

/sbin/suid_exec is owned by root and suid.  I don't know what it's supposed
to do, but it can be easily exploited by any local user to get root
priorities.  Exploit works on both 5.3 and 6.2 machines, it's part of
eoe.sw.unix and thus is installed on each and every machine.

FIX:

chmod -s /sbin/suid_exec


Seems that /sbin/suid_exec is part of ksh. At least it is mentioned
in manual page of ksh:

FILES
     /etc/passwd
     /etc/profile
     /etc/suid_profile
     $HOME/.profile
     /tmp/sh*
     /dev/null

Current thread:

Irix: suid_exec hole Yuri Volobuev (Dec 02)
- Re: Irix: suid_exec hole Kari E. Hurtta (Dec 05)
- <Possible follow-ups>
- Re: Irix: suid_exec hole Dean Gaudet (Dec 04)