O'Reilly Network: Insecurities in a Nutshell: Koules Local Root Exploit And More
Nov 29, 2000, 16:29
(Other stories by Noel Davis)
"It has been reported that there is a local root vulnerability and exploit for the SVGA game Koules. It requires that Koules be installed with a setuid root bit set, so some installations may not be affected."
"The Oracle Connection Manager Control binary (cmctl) has a local exploit that allows any user to become the user and group that Oracle is installed under. It works by exploiting a buffer overflow in cmctl. There is a published exploit for Linux, but this may have been ported to other architectures. A workaround for this problem is to remove the suid bit from the program. If you do not use the setuid bits on this program or on other Oracle helper programs, you may want to consider removing the suid bits on all of the Oracle helper programs."
"A getty replacement for use with fax and data modem lines, mgetty has a vulnerability that can permit a local user to create or overwrite any file on the system. The problem is with the faxrunqd daemon that runs as root. The faxrunqd daemon will follow a symlink named .last_run that has been created in the world-writable /var/spool/fax/outgoing/ directory. The fix for this is to uninstall the package and replace it with a version dated after 10 Sep 2000."