Bugtraq mailing list archives
[8lgm]-Advisory-9.UNIX.urestore.10-Feb-1993
From: 8lgm () bagpuss demon co uk ([8LGM] Security Team)
Date: Mon, 28 Nov 1994 02:21:50 GMT
This advisory has been sent to: comp.security.unix BUGTRAQ <bugtraq () fc net> CERT/CC <cert () cert org> =========================================================================== [8lgm]-Advisory-9.UNIX.urestore.10-Feb-1993 PROGRAM: urestore(1) KNOWN VULNERABLE OS's: SVR4/i386 4.0.3 Potentially any SVR4 including urestore(1) DESCRIPTION: urestore(1) can be used to create or overwrite files anywhere on the filesystem. IMPACT: Any user with access to urestore(1) can become root. REPEAT BY: Exploit details will not be made available, until patches have been provided. FIX: Contact your vendor for a fix. WORKAROUND: In the meantime, limit access to urestore by changing mode on /sbin/restore. FEEDBACK AND CONTACT INFORMATION: 8lgm-bugs () bagpuss demon co uk (To report security flaws) 8lgm-request () bagpuss demon co uk (Mailing list additions - processed automatically; just send any message) 8lgm () bagpuss demon co uk (Everything else) System Administrators are encouraged to contact us for any other information they may require about the problems described in this advisory. We welcome reports about which platforms this flaw does or does not exist on. NB: 8lgm-bugs () bagpuss demon co uk is intended to be used by people wishing to report which platforms/OS's the bugs in our advisories are present on. Please do *not* send information on other bugs to this address - report them to your vendor and/or comp.security.unix instead. 8LGM MAILING LIST: Send any message to 8lgm-request () bagpuss demon co uk and the address you mail from will automatically be added to the list. If you need to subscribe to an address you cannot mail from (eg an alias), send mail to 8lgm () bagpuss demon co uk and request to be added to the list. Due to our mail volume, we appreciate it if you can use 8lgm-request instead; thus if you need to subscribe an alias, please look into using, say sendmail -f, if possible. 8LGM FILESERVER: All [8LGM] advisories may be obtained via the [8LGM] fileserver. For details, 'echo help | mail 8lgm-fileserver () bagpuss demon co uk' ===========================================================================
Current thread:
- /bin/mail Security Hole Nathan Lawson (Nov 26)
- Re: /bin/mail Security Hole Casper Dik (Nov 26)
- Re: /bin/mail Security Hole Neil Woods (Nov 26)
- [8lgm]-Advisory-8.UNIX.SunOS-kernel.11-Nov-1994 [8LGM] Security Team (Nov 27)
- [8lgm]-Advisory-9.UNIX.urestore.10-Feb-1993 [8LGM] Security Team (Nov 27)
- [8lgm]-Advisory-13.UNIX.SCO-login.15-Apr-1994 [8LGM] Security Team (Nov 27)