|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[sec-adv] Backup and Restore Utility Privilege Escalation Vulnerabilities
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Fri Jul 18 2003 - 15:35:56 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Backup and Restore Utility Privilege Escalation Vulnerabilities
READ ONLINE:
http://www.secunia.com/advisories/9305/
CRITICAL:
Less critical
IMPACT:
Privilege escalation
WHERE:
Local system
SOFTWARE:
Backup and Restore Utility (BRU)
DESCRIPTION:
Two vulnerabilities have been reported in Backup and Restore Utility
for Unix (BRU), which can be exploited by malicious, local users to
escalate their privileges on a vulnerable system.
Both vulnerabilities are caused due to erroneous handling of command
line parameters. A boundary error exists, which can be exploited by
supplying an overly long (3050 characters), specially crafted command
line argument. A format string error also exists, which can be
exploited by supplying specially crafted arguments containing format
specifiers.
Successful exploitation of the two vulnerabilities will allow
execution of arbitrary code with "root" privileges.
The vulnerabilities have been reported in version 17.0 and prior.
However, according to the original advisory only the older version
from Enhanced Software Technologies (EST) was shipped with the suid
bit set (not the one from the TOLIS Group).
SOLUTION:
Remove the suid bit.
Reportedly, the TOLIS Group will fix this in future versions.
http://www.tolisgroup.com
REPORTED BY / CREDITS:
Kevin Finisterre (Secure Network Operations)
ORIGINAL ADVISORY:
http://www.secnetops.com/research/advisories/SRT2003-07-16-0358.txt
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]