Bugtraq mailing list archives
Re: Vulnerability in HP sysdiag ?
From: tsr () cave isdn cs tu-berlin de (Tobias Richter)
Date: Wed, 25 Sep 1996 22:26:27 +0200
[rest of message deleted]

I verified it for HP-UX 9.0X. Not only that, though. It is not sufficient to chmod u-s /bin/sysdiag. This leaves behind a bunch of programs in /usr/diag/bin which are still setuid to root and behave quite the same (i.e., they don't check for symlinks while creating 0666 log or temp files). A non-privileged user can use any of these to create 0666 /.rhosts (or whatever else) files, with the known consequences.

But also privileged users create these 0666 files and will follow bogus symlinks, too. You just have to create your symlink and wait for root to do his regular work. Therefore this:

    Proposed solution: root# chmod u-s /bin/sysdiag /usr/diag/bin/*

is not enough. You will have to

    root# chmod a-x /bin/sysdiag /usr/diag/bin/*

or get a patch quick.

tobias
--
======================================================================
Tobias Richter
Try my Homepage: file:/dev/zero
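The defect described in this thread is a privileged program creating a log or temp file with open()/creat() at mode 0666 without checking whether a symlink already sits at that path. The following is an added example (not code from the post or from HP's diagnostics) of how such a file should be created: O_CREAT|O_EXCL makes open() fail if anything, including a symlink, already exists at the path, O_NOFOLLOW refuses a symlink at the final component, and the mode is 0600 rather than 0666. The demo() function builds its own scratch directory under /tmp (a constructed path), plants a symlink named "log", and confirms the safe creation refuses it while a fresh name succeeds.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a log/temp file the way a setuid program should: refuse to
 * follow a symlink at the final path component (O_NOFOLLOW), refuse to
 * reuse anything already at the path (O_EXCL), and never hand out 0666.
 * Returns an open fd, or -1 (errno EEXIST/ELOOP) if the path is taken. */
int safe_create(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Self-contained check in a private scratch directory (constructed path):
 * plant a symlink "log" -> "victim", then show safe_create() refuses it
 * (and "victim" is never created) while a fresh name succeeds at 0600.
 * Returns 0 when both conditions hold, nonzero otherwise. */
int demo(void) {
    char dir[] = "/tmp/sysdiag-demo-XXXXXX";
    char link[256], fresh[256], victim[256];
    struct stat st;
    int fd, ok = 0;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/log", dir);
    snprintf(fresh, sizeof fresh, "%s/log.new", dir);
    if (symlink(victim, link) != 0) return -2;

    /* The trap: a symlink where the program expects to create its file. */
    if (safe_create(link) == -1 && lstat(victim, &st) != 0) ok++;

    /* The honest case: nothing there yet, so creation succeeds at 0600. */
    fd = safe_create(fresh);
    if (fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600) ok++;
    if (fd >= 0) close(fd);

    unlink(link); unlink(fresh); rmdir(dir);
    return ok == 2 ? 0 : 1;
}

int main(void) {
    printf("safe creation check: %s\n", demo() == 0 ? "ok" : "FAILED");
    return 0;
}
```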