Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_4

Bugtraq archives for 4th quarter (Oct-Dec) 1994: [8lgm]-Advisory-9.UNIX.urestore.10-Feb-1993

[8lgm]-Advisory-9.UNIX.urestore.10-Feb-1993

[8LGM] Security Team (8lgmbagpuss.demon.co.uk)
Mon, 28 Nov 1994 02:21:50 GMT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: [8LGM] Security Team: "[8lgm]-Advisory-8.UNIX.SunOS-kernel.11-Nov-1994"
Previous message: Neil Woods: "Re: /bin/mail Security Hole"

This advisory has been sent to:

	comp.security.unix

	BUGTRAQ			<bugtraqfc.net>
	CERT/CC			<certcert.org>

===========================================================================
               [8lgm]-Advisory-9.UNIX.urestore.10-Feb-1993

PROGRAM:

	urestore(1)	

KNOWN VULNERABLE OS's:

	SVR4/i386 4.0.3
	Potentially any SVR4 including urestore(1)

DESCRIPTION:

	urestore(1) can be used to create or overwrite files anywhere
	on the filesystem.

IMPACT:

	Any user with access to urestore(1) can become root.

REPEAT BY:

        Exploit details will not be made available, until patches have
	been provided.
	
FIX:

	Contact your vendor for a fix.

WORKAROUND:

	In the meantime, limit access to urestore by changing mode on
	/sbin/restore.

FEEDBACK AND CONTACT INFORMATION:

        8lgm-bugsbagpuss.demon.co.uk           (To report security flaws)

        8lgm-requestbagpuss.demon.co.uk        (Mailing list additions -
						 processed automatically;
						 just send any message)

        8lgmbagpuss.demon.co.uk                (Everything else)

        System Administrators are encouraged to contact us for any
        other information they may require about the problems described
        in this advisory.

        We welcome reports about which platforms this flaw does or does
        not exist on.

        NB: 8lgm-bugsbagpuss.demon.co.uk is intended to be used by
        people wishing to report which platforms/OS's the bugs in our
        advisories are present on.  Please do *not* send information on
        other bugs to this address - report them to your vendor and/or
        comp.security.unix instead.

8LGM MAILING LIST:

	Send any message to 8lgm-requestbagpuss.demon.co.uk and the
	address you mail from will automatically be added to the list.

	If you need to subscribe to an address you cannot mail from
	(eg an alias), send mail to 8lgmbagpuss.demon.co.uk and request
	to be added to the list.  Due to our mail volume, we appreciate
	it if you can use 8lgm-request instead; thus if	you need to
	subscribe an alias, please look into using, say sendmail -f,
	if possible.

8LGM FILESERVER:

	All [8LGM] advisories may be obtained via the [8LGM] fileserver.
	For details, 'echo help | mail 8lgm-fileserverbagpuss.demon.co.uk'
===========================================================================

Next message: [8LGM] Security Team: "[8lgm]-Advisory-8.UNIX.SunOS-kernel.11-Nov-1994"
Previous message: Neil Woods: "Re: /bin/mail Security Hole"