Bugtraq mailing list archives
Vunerability in Lizards game
From: suid () BOMBER STEALTH COM AU (SUID)
Date: Wed, 12 Nov 1997 16:30:03 +1100
Greetings. Recently looking through the source of the suid root game called Lizards I noticed a vunerablity which is incredibly trivial to allow regular users at the console gain unauthorized root access. The exploitable code is found in the main portion of the code, on the second last line in fact: --- ... system("clear"); return EXIT_SUCCESS; } --- As this program does not seem anywhere through relinquish root privilidges, it executes "clear" (supposed to be /usr/bin/clear) as root, assuming everything is cool. Simple changing of the users PATH environment variable to something like PATH=.:/usr/games/lizardlib, then creating a symlink (or a sh script) called "clear" that executes a shell of your liking, will cause that command to be executed as root when the program exits. Voila, a root shell. Of course this requires the game to run smoothly. This game comes with Slackware 3.4 in the y package. Lame fix: chmod -s /usr/games/lizardlib/lizardshi Better fix: Change the source code, recompile lizards to reference "clear" absoloutley. Regards suid () stealth com au
Current thread:
- Re: Intel Pentium Bug, (continued)
- Re: Intel Pentium Bug Rubens Kuhl Jr. (Nov 07)
- Re: Intel Pentium Bug Ralf Baechle (Nov 10)
- Re: Intel Pentium Bug Barry Irwin (Nov 08)
- Re: Intel Pentium Bug Bjorn Wesen (Nov 08)
- Re: Intel Pentium Bug Peter Bierman (Nov 08)
- Re: Intel Pentium Bug Aleph One (Nov 08)
- Microsoft Office security bug Aleph One (Nov 07)
- Re: Microsoft Office security bug Inigo Gonzalez (Nov 11)
- What were the opcodes to hang a Pentium again? (fwd) Darren Reed (Nov 11)
- Re: Microsoft Office security bug Aleph One (Nov 11)
- Vunerability in Lizards game SUID (Nov 11)
- Re: Vunerability in Lizards game Alex Murray (Nov 12)
- Re: Vunerability in Lizards game Olaf Titz (Nov 13)
- Re: Vunerability in Lizards game Kragen \ (Nov 13)
- Re: Vunerability in Lizards game Neil Levine (Nov 17)
- Re: Vunerability in Lizards game Joe Zbiciak (Nov 18)
- Re: Vunerability in Lizards game Zoltan Hidvegi (Nov 18)
- Major Security Flaw in Cybercash 2.1.2 Kerri Kraft (Nov 19)
- IP DOS attacks -- Win95 and WinNT Paul Leach (Nov 18)
- Microsoft Office security bug Aleph One (Nov 07)
- Re: Intel Pentium Bug Rubens Kuhl Jr. (Nov 07)
- Updating microcode on the fly Superuser (Nov 12)
- Re: Updating microcode on the fly Jyri Kaljundi (Nov 12)