Date: Mon, 6 Oct 2003 15:08:02 +0200
From: Stefan Nordhausen <deletethis.nordhaus@...ormatik.hu-berlin.de>
To: bugtraq@...urityfocus.com
Subject: Local root exploit in SuSE Linux 8.2Pro


Affected:               SuSE Linux 8.2Pro
Not affected:           SuSE Linux 7.3Pro, non-SuSE distributions
Possibly affected:      other SuSE distributions
Vulnerable package:     susewm

Impact:                 Local user can gain root privileges
Exploit type:           Symlink attack
Release date:           October 6th 2003
Vendor status:          SuSE was contacted on September 4th (> 1 month ago).
                        No SuSE-patch yet.


A symlink vulnerability exists in the shell script 
/sbin/conf.d/SuSEconfig.susewm, line 86. This shell script is part of the 
"susewm" package. This package is required by the package "kdebase3", so if 
KDE3 is installed on your system(s), you should be vulnerable.

This vulnerability can be used by a local attacker to gain root privileges. An 
exploit has already been written by me, but I will not release it before 
October 20th.


Workaround:
As there is no SuSE patch available yet, you will have to fix this yourself. 
You can use the following quick'n'dirty patch to fix the issue. Note however 
that I am NOT responsible if you mess up your system! You should know what 
you're doing!

In the mentioned script you should replace _every_ occurrence of

$r/tmp/susewm.$$

with the following:

$r/root/susewm.$$

It's not pretty, but it should work.

This advisory, contact information and the exploit can be found at 
http://www.hu-berlin.de/~nordhaus/sec/vul/index.html

--
You cannot spell "believe" without "lie".
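
The workaround described in the message above, as an added example that is not part of the original post or of the susewm package: it applies the advisory's replacement to a script, keeps a backup, and counts the lines that still use the /tmp name. The sample script and the helper names (count_lines, apply_workaround, make_sample, demo) are constructed for illustration; the real SuSEconfig.susewm is not reproduced.

```shell
#!/bin/sh
# Added example: apply the advisory's search-and-replace workaround and verify it.
OLD='$r/tmp/susewm.$$'    # predictable name in world-writable /tmp (from the advisory)
NEW='$r/root/susewm.$$'   # replacement given in the advisory

# count_lines STRING FILE: number of lines containing the literal STRING
count_lines() {
    grep -cF -- "$1" "$2" || true   # grep exits 1 on zero matches but still prints 0
}

# apply_workaround FILE: replace every occurrence, keep a backup in FILE.orig
apply_workaround() {
    f=$1
    cp -p -- "$f" "$f.orig" || return 1
    # The edit's own temp file gets an unpredictable name from mktemp,
    # created in the script's directory instead of /tmp.
    tmp=$(mktemp "$f.XXXXXX") || return 1
    cp -p -- "$f" "$tmp" || return 1   # carry over mode (and owner when run as root)
    # '$' and '.' are escaped so sed matches them literally
    sed 's|\$r/tmp/susewm\.\$\$|$r/root/susewm.$$|g' "$f" > "$tmp" \
        || { rm -f -- "$tmp"; return 1; }
    mv -- "$tmp" "$f"
}

# make_sample FILE: constructed stand-in, NOT the real SuSEconfig.susewm
make_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
echo "menu data" > $r/tmp/susewm.$$
mv $r/tmp/susewm.$$ $r/etc/example.conf
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir/sample.sh"
    echo "before: $(count_lines "$OLD" "$dir/sample.sh") line(s) use the /tmp name"
    apply_workaround "$dir/sample.sh"
    echo "after:  $(count_lines "$OLD" "$dir/sample.sh") line(s) use the /tmp name"
    rm -rf -- "$dir"
}
demo
```

On an affected system the same function would be run as root against /sbin/conf.d/SuSEconfig.susewm, the script named in the advisory; the count after the edit should be 0.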

