O'Reilly Network: Insecurities in a Nutshell: Koules Local Root Exploit And More

"It has been reported that there is a local root vulnerability and exploit for the SVGA game Koules. It requires that Koules be installed with a setuid root bit set, so some installations may not be affected."

"The Oracle Connection Manager Control binary (cmctl) has a local exploit that allows any user to become the user and group that Oracle is installed under. It works by exploiting a buffer overflow in cmctl. There is a published exploit for Linux, but this may have been ported to other architectures. A workaround for this problem is to remove the suid bit from the program. If you do not use the setuid bits on this program or on other Oracle helper programs, you may want to consider removing the suid bits on all of the Oracle helper programs."

"A getty replacement for use with fax and data modem lines, mgetty has a vulnerability that can permit a local user to create or overwrite any file on the system. The problem is with the faxrunqd daemon that runs as root. The faxrunqd daemon will follow a symlink named .last_run that has been created in the world-writable /var/spool/fax/outgoing/ directory. The fix for this is to uninstall the package and replace it with a version dated after 10 Sep 2000."

Complete Story

Related Stories:

• O'Reilly Network: Insecurities in a Nutshell: Vixie cron Exploit and More(Nov 22, 2000)
• Security Portal: Weekly Linux Security Digest 2000/11/13 to 2000/11/19(Nov 20, 2000)
• LinuxSecurity.com: Linux Security Week - November 20th 2000 (Nov 20, 2000)
• LinuxSecurity.com: Linux Advisory Watch - November 17th 2000(Nov 18, 2000)
• Debian Security Advisory: New Debian cron packages released (Nov 18, 2000)
• Security Portal: Weekly Security Tools Digest 2000/11/10 to 2000/11/16(Nov 17, 2000)