Bugtraq mailing list archives
Re: pmpost - another nice symlink follower
From: Jan-Frode Myklebust <janfrode () parallab uib no>
Date: Tue, 19 Jun 2001 09:35:57 +0200
On Mon, Jun 18, 2001 at 07:11:20PM +0200, Paul Starzetz wrote:
Hi, there is a symlink handling problem in the pcp suite from SGI. The binary pmpost will follow symlinks, if setuid root this leads to instant root compromise, as found on SuSE 7.1 (I doubt that this a default SuSE package, though).
It's probably a very rare package under linux, but more common under IRIX. I just tested your exploit against SGI's binary release of PCP 2.1 under IRIX 6.5.12m, and it worked just fine (after minor fixes). -jf
Current thread:
- pmpost - another nice symlink follower Paul Starzetz (Jun 18)
- Re: pmpost - another nice symlink follower Jan-Frode Myklebust (Jun 19)
- Re: pmpost - another nice symlink follower Damian Menscher (Jun 20)
- Re: pmpost - another nice symlink follower Keith Owens (Jun 19)
- Re: pmpost - another nice symlink follower Lynton Clamp (Jun 19)
- Re: pmpost - another nice symlink follower Roman Drahtmueller (Jun 19)
- Re: pmpost - another nice symlink follower Dale Southard (Jun 19)
- Re: pmpost - another nice symlink follower Jan-Frode Myklebust (Jun 19)