Bugtraq mailing list archives

suid_exec


From: redsecurity () netculture net (Javier Romeu)
Date: Sat, 7 Dec 1996 03:03:18 +0100


Hi all,
I've been following with interest the topic brought up by Mr.
Volobuev about the suid_exec bug in ksh.
In fact, it has reminded me of some old bug in A/UX... This is what
I've found in my hd under unix/bugs/aux:

-----------------------------------------------------------------------
#Program: ksh(1)
#Systems Affected: Systems running ksh(1) version 11/16/88a.
                   Some A/UX versions.
#Problem: suid_exec can be used to execute arbitrary programs as root.
          suid_exec checks permissions on files in a poor manner, and
          does not verify the interpreter used in a secure fashion.
#Solution: Obtain patch from your vendor. Remove set bit from
                suid_exec  in the interim.
----------------------------------------------------------------------

Is this the same bug???
Can someone with access to A/UX machines check if they are
vulnerable too? Thanks.

Regards,
Javier.
________________________________________________________
**************** R E D  S e c u r i t y ****************
Javier Romeu, Manager.
mailto:redsecurity () netculture net
Web: http://www.netculture.net/~redsecurity
Tel: +34-3-2098048                    Fax: +34-3-2048105
         Specialists in Computer *Security*
********************************************************


