---

Security hole in the zgv program

The zgv program that ships with several Linux distributions is
vulnerable to an exploit that could give a malicious cracker a root
shell on your system.

When we went to press with this story, Red Hat had not shipped a
patched version of this program. Consequently, the safest way to
protect your system from this exploit is to remove the setuid root
bit from the executable.

Perform this step to plug the hole:

chmod 0511 `which zgv`

That will remove the setuid root bit on the executable, once
again restoring safety to your machine.

Thanks to the BUGTRAQ
posting
that addresses this problem.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis