OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq Archives: tiger vulnerability

tiger vulnerability


Ellen L Mitchell (ellenmNET.TAMU.EDU)
Tue, 20 Jul 1999 09:37:39 -0500


-----BEGIN PGP SIGNED MESSAGE-----

A vulnerability in one of the scripts used by the unix security tool
Tiger has been discovered and a patch issued.

Tiger is a public domain package developed and maintained by Texas A&M
University, used for checking security problems on a Unix system. Due
to lack of checking, a local user can craft a command in such a way
that he may have the command executed with the privileges of the
process running Tiger (usually root).

While no known compromises have occurred due to this vulnerability,
it is recommended that the patch be applied if you run tiger.

Patches for tiger have been issued and are available at
ftp://net.tamu.edu/pub/security/TAMU/

Thanks to Michel Miqueu and Philippe Bourgeois of CERT-IST for
reporting the problem.

Ellen
- --
Ellen Mitchell
Network Group
Texas A&M University

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBN5SI2vjlKRxZFQKVAQGm2wQAqfJWT1nW5A3odbYWa+yvUYjRBkACBVac
hslPIEtX8xVTOgrsHVK5ugT3lD0jz6jQc2DVkIhp89dS4st/+GrFu6ikcg2PaN1x
a7YfqnpYxjRQuTEL9mVG67tyCvsxmOpzv/aTWwEd9AJofRbCUdWK1ruBe2P6Vd2s
B/BdszrqfbI=
=nyA0
-----END PGP SIGNATURE-----



This archive was generated by hypermail 2.0b3 on Tue Jul 20 1999 - 03:43:15 CDT