OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: MDKSA-2000:065 - Linux-Mandrake not affected by dump
From: Adam Knight (ahknightJUMP.NET)
Date: Thu Nov 02 2000 - 18:01:54 CST

You know, I tried this on Redhat 6.2, two different installs, and got the result
they're saying here. Perhaps this is only on *some* Redhat installs? Anyone
have an idea as to what would cause this to fail/succeed? My copy is certainly
SUID root, but the binary it made was SUID me.

On Thu, 2 Nov 2000, Linux Mandrake Security Team wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>________________________________________________________________________
>
> Linux-Mandrake Security Update Advisory
>________________________________________________________________________
>
>Package name: dump
>Date: November 2nd, 2000
>Advisory ID: MDKSA-2000:065
>
>Affected versions: None
>________________________________________________________________________
>
>Problem Description:
>
> In some instances, if dump is suid root, it can be used to gain root
> access. Two exploits have been published to prove this.
>________________________________________________________________________
>
>Linux-Mandrake ships dump suid root, however both exploits do not work
>under Linux-Mandrake. The end result is a shell that is suid by the
>user attempting the exploit, and not suid root which is the intended
>result.
>________________________________________________________________________ 

--
____________________________________________________________________________
Adam Knight                                                ahknightjump.net
MIS Developer                                            http://www.jump.net
______________________________Codito, ergo sum______________________________

 Allen's Axiom:
    When all else fails, read the instructions.