Bugtraq mailing list archives
Re: BRU Vulnerability
From: gavrie () NETMOR COM (Gavrie Philipson)
Date: Thu, 8 Jun 2000 09:28:48 +0300
root wrote:
BRU backup software Vulnerability:
Description: You can change the log file BRU uses by changing the BRUEXECLOG environment variable. Since bru is setuid root you can append to any file on the system.
Why, am I wondering, would a sane person install BRU with setuid permissions? That's like installing tar with setuid permissions and wondering about overwritten files. On my systems, BRU works fine without any setuid/setgid perms.

Gavrie.

--
Gavrie Philipson
Netmor Applied Modeling Research Ltd.
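Added example, not part of the original thread and not BRU's code: a sketch of how a program that may be installed setuid can handle a BRUEXECLOG-style override, ignoring the variable whenever the effective ids differ from the real ids and refusing to append through a symlink. The default path and the function names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical fixed log location; not BRU's real default. */
#define DEFAULT_LOG "/var/log/backup-exec.log"

/* Set-id execution: effective ids differ from the invoking user's real ids. */
int running_privileged(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Honour the environment override only when the process has no extra
 * privilege; a set-id process always logs to the fixed path. */
const char *choose_log_path(const char *env_value, int privileged)
{
    if (privileged || env_value == NULL || env_value[0] == '\0')
        return DEFAULT_LOG;
    return env_value;
}

/* Append-only open that refuses a symlink as the final path component,
 * so a planted link cannot redirect the write to another file. */
int open_log(const char *path)
{
    return open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
}

int main(void)
{
    int priv = running_privileged(getuid(), geteuid(), getgid(), getegid());
    const char *path = choose_log_path(getenv("BRUEXECLOG"), priv);
    int fd = open_log(path);

    printf("privileged=%d log=%s fd=%d\n", priv, path, fd);
    if (fd >= 0)
        close(fd);
    return 0;
}
```

Removing the setuid bit, as the reply above describes, makes the privileged branch unreachable; the check matters only where the bit has to stay.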