Re: sfxload issues.

From: OOZIE (oozie@hackpospolita.prv.pl)
Date: 01/04/02 

From: OOZIE <oozie@hackpospolita.prv.pl>
To: vuln-dev@securityfocus.com
Date: Thu, 3 Jan 2002 16:47:36 -0900

H3LL0 !

On Wed, 02 Jan 2002, l0rt wrote:
> Vendor : http://members.tripod.de/iwai/awedrv.html
> Program: sfxload
> OS : RH 7.1
> Version: 0.4.3
> SUID : No
> SGID : No
> Issue : This may get called by an suid helper binary which would allow
> a normal user to gain some more privs.
[...]

Oops... Red Hat 7.2 seems also to be vulnerable ;)
Well, I dunno if anyone will need this code, but maybe ... (?)

Best regards,
OOZIE

Relevant Pages

  • Re: -crawl- Is Crawl supposed to work at all?
    ... Do not use systemfrom a program with suid or sgid ... erly from programs with suid or sgid privileges on systems ... Dear bash authors, if you read this please, please kill thyself. ...
    (rec.games.roguelike.misc)
  • Re: -crawl- Is Crawl supposed to work at all?
    ... Do not use systemfrom a program with suid or sgid ... erly from programs with suid or sgid privileges on systems ... Dear bash authors, if you read this please, please kill thyself. ...
    (rec.games.roguelike.misc)
  • Re: -crawl- Is Crawl supposed to work at all?
    ... Do not use systemfrom a program with suid or sgid ... erly from programs with suid or sgid privileges on systems ... Out of luck, life sucks and then you die. ...
    (rec.games.roguelike.misc)
  • Re: Help!! Have I been attacked/compromised????
    ... they don't change the effective uid). ... >are SUID or SGID. ... any file created in that directory to the directory's gid rather than ...
    (comp.os.linux.security)
  • Re: Linux and security
    ... It's rwxrwxrwx, not wxrwxrwxr. ... And you forgot suid and sgid bits. ... yeah sorry about that, but is the order really so important :-)) (just ...
    (comp.os.linux.security)
Quantcast