Bugtraq mailing list archives
Re: pmpost - another nice symlink follower
From: Dale Southard <southard1 () llnl gov>
Date: 19 Jun 2001 09:18:48 -0700
With minor modifications, this also yields root with the IRIX version of PCP 2.1 running under IRIX 6.5.10. PCP 2.2 under IRIX 6.5.11+ not tested.

Under IRIX `chmod 555 /usr/pcp/bin/pmpost` mitigates the root vulnerability (and presumably some of the PCP ``Notice Board'' functionality) until a patch is available.

Paul Starzetz <paul () starzetz de> writes:
> There is a symlink handling problem in the pcp suite from SGI. The binary pmpost will follow symlinks; if setuid root, this leads to instant root compromise, as found on SuSE 7.1 (I doubt that this is a default SuSE package, though).
--
/* Dale Southard Jr. southard1 () llnl gov 925-422-1463 */
/* Computer Scientist, Accelerated Strategic Computing Initiative */
/* L-550, Lawrence Livermore National Lab, Livermore CA 94551 */
/* AFF/I, SL/I, T/I, D-11216, Sr. Rig --- I'd rather be skydiving */