Bugtraq mailing list archives

Re: Advisory: Berkeley pmake


From: Nicolas Gregoire <ngregoire () exaprobe com>
Date: Thu, 22 Nov 2001 09:48:20 +0100

21/11/2001 16:20:05, Paul Starzetz <paul () starzetz de> wrote:

> 1. Problem description
> ----------------------
>
> There is a format string bug in Berkeley's pmake 2.1.33 and below
> (parallel make) package as well as a buffer overflow problem. Pmake is
> suid root on various Linux distributions and uses root privileges for
> binding to low TCP ports. The ordinary format string bug leads to local
> root compromise on all vulnerable machines.

Default RedHat 7.2 not vulnerable:

[root@box etc]# more /etc/redhat-release
Red Hat Linux release 7.2 (Enigma)
[root@box etc]# uname -a
Linux box 2.4.9-13 #1 Tue Oct 30 20:11:04 EST 2001 i686 unknown
[root@box etc]# ls -l `which pmake`
-rwxr-xr-x    1 root     root        95708 aoû 21 12:55 /usr/bin/pmake

pmake isn't SUID root.

Nicolas Grégoire
http://www.exaprobe.com


