Bugtraq mailing list archives

Re: BRU Vulnerability


From: jrauch () SECURITYFOCUS COM (Jeremy Rauch)
Date: Thu, 8 Jun 2000 14:05:26 -0700


On Thu, Jun 08, 2000 at 09:28:48AM +0300, Gavrie Philipson wrote:
> root wrote:
> > BRU backup software Vulnerability:
> >
> >         Description:
> >                 You can change the log file BRU uses by changing the
> >                 BRUEXECLOG environment variable. Since bru is setuid
> >                 root you can append to any file on the system.
>
> Why, am I wondering, would a sane person install BRU with setuid
> permissions?
> That's like installing tar with setuid permissions and wondering about
> overwritten files.
>
> On my systems, BRU works fine without any setuid/setgid perms.

By default, BRU is installed setuid root.  If it isn't, and is run by a
non-root user, it complains:
bru: [W171] warning - BRU must be owned by root and have suid bit set

Many (most) users who install BRU probably never think to check if it's
installed setuid.  Should it be?  Probably not, but it is a very real
vulnerability under a default install.
-j
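
One way a setuid-root program can accept a log path from BRUEXECLOG without lending root's write access to it, as an added example that is not part of the original posts and is not BRU's code: the path is opened with the invoking user's effective UID, so the kernel enforces that user's file permissions. The function names and the default path are hypothetical.

```c
#define _DEFAULT_SOURCE 1   /* expose seteuid() under strict -std= modes */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical default location; not BRU's real log path. */
#define DEFAULT_LOG "/var/log/example-backup.log"
/* Append only, and refuse a symlink as the final path component. */
#define LOG_FLAGS (O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW)

/* Open a caller-chosen log path with the invoking user's effective UID,
 * so the kernel applies that user's file permissions rather than root's.
 * Covers the setuid case only; a setgid program would also need setegid().
 * Returns a file descriptor, or -1 on any failure. */
int open_user_log(const char *path)
{
    if (path == NULL || path[0] == '\0')
        return -1;
    uid_t saved = geteuid();
    if (seteuid(getuid()) != 0)        /* drop to the real user */
        return -1;
    int fd = open(path, LOG_FLAGS, 0600);
    if (seteuid(saved) != 0) {         /* could not restore: fail closed */
        if (fd >= 0)
            close(fd);
        return -1;
    }
    return fd;
}

/* A path taken from the environment is always treated as caller-chosen;
 * only the built-in default is opened with the program's own privileges. */
int open_log(const char *env_value)
{
    if (env_value != NULL)
        return open_user_log(env_value);
    return open(DEFAULT_LOG, LOG_FLAGS, 0600);
}

int main(void)
{
    int fd = open_log(getenv("BRUEXECLOG"));
    printf("log %s\n", fd >= 0 ? "opened" : "not opened");
    if (fd >= 0)
        close(fd);
    return fd >= 0 ? 0 : 1;
}
```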

