SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#339089

star fails to set proper permissions on programs specified in RSH environment variable

Overview

Star can call external programs specified by the RSH environment variable. This may permit a malicious local user to gain elevated privileges.

I. Description

Star is a tape archiving program similar to tar. Star permits the use of storage devices on remote machines via an access program on the local machine. This access program is specified in the RSH environment variable. Star fails to drop the effective user ID (euid) when calling the program specified by the RSH environment variable.

II. Impact

By specifying a shell script of their own devising, malicious local users can execute arbitrary code with permissions of the star program. If star is suid root, the arbitrary code will run with root permissions.

III. Solution

This issue is resolved in star 1.5a46, available at the star download page.

In general, do not run programs as setuid root if such a permission level is not required.

Systems Affected

VendorStatusDate NotifiedDate Updated
Apple Computer Inc.Not Vulnerable13-Sep-2004
ConectivaUnknown16-Sep-2004
Cray Inc.Unknown16-Sep-2004
DebianVulnerable13-Sep-2004
EMC CorporationUnknown16-Sep-2004
EngardeUnknown16-Sep-2004
FreeBSDNot Vulnerable13-Sep-2004
FujitsuUnknown16-Sep-2004
Hewlett-Packard CompanyUnknown16-Sep-2004
HitachiUnknown16-Sep-2004
IBMUnknown16-Sep-2004
IBM-zSeriesUnknown16-Sep-2004
IBM eServerUnknown16-Sep-2004
ImmunixUnknown16-Sep-2004
Ingrian NetworksUnknown16-Sep-2004
Juniper NetworksNot Vulnerable14-Sep-2004
MandrakeSoftNot Vulnerable10-Sep-2004
MontaVista SoftwareUnknown16-Sep-2004
NEC CorporationUnknown16-Sep-2004
NETBSDUnknown16-Sep-2004
NokiaUnknown16-Sep-2004
NovellUnknown16-Sep-2004
OpenBSDUnknown16-Sep-2004
Openwall GNU/*/LinuxNot Vulnerable15-Sep-2004
RedhatUnknown16-Sep-2004
SCOUnknown16-Sep-2004
SequentUnknown16-Sep-2004
SGIUnknown16-Sep-2004
Sony CorporationUnknown16-Sep-2004
Sun Microsystems Inc.Unknown16-Sep-2004
SuSE Inc.Unknown16-Sep-2004
TurboLinuxVulnerable4-Apr-2005
UnisysUnknown16-Sep-2004
Wind River Systems Inc.Unknown16-Sep-2004

References


http://www.securityfocus.com/bid/11141
http://www.gentoo.org/security/en/glsa/glsa-200409-11.xml

Credit

Thanks to Joerg Schilling for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

Date Public:2004-08-26
Date First Published:2004-09-16
Date Last Updated:2004-09-17
CERT Advisory: 
CVE-ID(s):CAN-2004-0850
NVD-ID(s):CAN-2004-0850
US-CERT Technical Alerts: 
Metric:4.28
Document Revision:7

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2004 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader