[8lgm]-Advisory-23.UNIX.SunOS-loadmodule.2-Jan-1995

PROGRAM:

/usr/lib/loadmodule

VULNERABLE VERSIONS:

SunOS 4.1.* & Openwindows 3 with latest loadmodule patch.

DESCRIPTION:

loadmodule uses system(3) to find the architecture of the machine.

IMPACT:

Local users can obtain root access.

REPEAT BY:

A program to exploit this vulnerability is available as of now. This program has been tested with the latest Sun patch. To obtain this program, send mail to 8lgm-fileserver@8lgm.org, with a line in the body of the message containing:-

SEND load.root

DISCUSSION:

Using system(3) in setuid programs is bad practice. Sun's patch attempted to make this safe by reseting IFS before the call. Unfortunately, the patch does not do a thorough enough job.

FIX:

Contact vendor for fix.

STATUS UPDATE:

The file:

[8lgm]-Advisory-23.UNIX.SunOS-loadmodule.2-Jan-1995.README

will be created on www.8lgm.org. This will contain updates on any further versions which are found to be vulnerable, and any other information received pertaining to this advisory.

FEEDBACK AND CONTACT INFORMATION:

        majordomo@8lgm.org      (Mailing list requests - try 'help'
                                 for details)

        8lgm@8lgm.org           (Everything else)

8LGM FILESERVER:

All [8LGM] advisories may be obtained via the [8LGM] fileserver. For details, 'echo help | mail 8lgm-fileserver@8lgm.org'

8LGM WWW SERVER:

[8LGM]'s web server can be reached at http://www.8lgm.org. This contains details of all 8LGM advisories and other useful information.