suGuard sgrun Execute Arbitrary Local Commands

1999-01-03T00:00:00
ID OSVDB:3186
Type osvdb
Reporter OSVDB
Modified 1999-01-03T00:00:00

Description

Vulnerability Description

suGuard contains a flaw that allows any local user to gain root privileges. suGuard's main application runs the 'ps' program by looking it up through the invoking user's PATH environment variable. It makes this call with root privileges but does not verify which program it is running. A malicious local user can place a specially crafted 'ps' command in a directory on their PATH and have suGuard run it instead.
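An added example (not suGuard's code and not part of the advisory) of the pattern described above beside a hardened alternative: the privileged process runs its helper by absolute path with a constant environment, so the caller's PATH is never searched. The name run_trusted and the /bin/ps location are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pattern the advisory describes (assumed form; suGuard's source is not on
 * the page): a root process lets the caller's PATH choose the binary.
 *     execlp("ps", "ps", (char *)NULL);      // or system("ps")
 */

/* Constant environment for the child; nothing is inherited from the caller. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", NULL };

/* Run a helper by absolute path with the constant environment.
 * Returns the child's exit status, or -1 on refusal or failure. */
int run_trusted(const char *abs_path, char *const argv[])
{
    if (abs_path == NULL || abs_path[0] != '/')
        return -1;                  /* a bare name would need a PATH search */

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(abs_path, argv, CLEAN_ENV);  /* execve never consults PATH */
        _exit(127);                 /* reached only if the exec failed */
    }

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* /bin/ps is an assumed location; use the path the platform ships. */
    char *const argv[] = { "ps", NULL };
    return run_trusted("/bin/ps", argv) == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

A set-uid program that does not need root for the helper should also drop privileges in the child before the exec.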

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.dlxguard.com/
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/1999_1/0029.html
ISS X-Force ID: 1543
CVE-1999-0388
Bugtraq ID: 186