SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information

Report a Vulnerability

 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#17566

sysback makes call to hostname without a fully qualified path specification

Overview

sysback, shipped with AIX systems, allows local users to gain root access because of a failure to use a fully qualified path for a call to hostname.

I. Description

sysback includes a call to hostname but does not include a full path specification. Because sysback is set uid root, intruders can put a malicious hostname in the path before the "real" hostname, and thereby execute any commands with root privileges.

II. Impact

Local users can execute arbitrary commands and programs with root privileges.

III. Solution

Update to sysback.rte 4.2.1.13 as described in the IBM vendor statement.

Remove setuid root from sysback in environments that permit it (where such a change would not be detrimental to operations).

Systems Affected

VendorStatusDate NotifiedDate Updated
IBMVulnerable10-Dec-2000

References

Credit

Our thanks to Kiki Lee for reporting this vulnerability.

This document was written by Shawn V Hernan.

Other Information

Date Public:2000-12-10
Date First Published:2000-12-12
Date Last Updated:2000-12-12
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Severity Metric:1.35
Document Revision:6

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2000 Carnegie Mellon University
Disclaimers and copyright information
Get a PDF Reader