OpenUNIX Xsco xkbcomp Unspecified Privilege Escalation

2002-08-27T00:00:00
ID OSVDB:5044
Type osvdb
Reporter Olaf Kirch (okir@suse.de)
Modified 2002-08-27T00:00:00

Description

Vulnerability Description

SCO OpenUnix and UnixWare contain a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when SCO Xserver (Xsco) fails to properly drop privileges when invoking external commands. This flaw may lead to a loss of integrity.

Solution Description

Apply the SCO hotfixes described in security advisory CSSA-2002-SCO.38, which has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

Existence of this flaw may be verified using an old example, provided by Pavel Kankovsky back in 1998:

    $ Xserver -xkbdir 'id > /tmp/I_WAS_HERE;'
    [exit X server]
    $ grep root /tmp/I_WAS_HERE && echo 'Gotcha!'

    $ cat > /tmp/xkbcomp
    #!/bin/sh
    id > /tmp/I_WAS_HERE
    [ctrl+d]
    $ chmod a+x /tmp/xkbcomp
    $ Xserver -xkbdir /tmp
    [X server executes /tmp/xkbcomp]
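
The following C example is added here and is not SCO's fix or code from the advisory. It shows the helper-invocation pattern whose absence both tests above detect: the helper is a fixed absolute path run through execve() with an argv array, and the child permanently drops to the real UID/GID before the exec. The names drop_privileges, run_helper and HELPER, and the /bin/echo stand-in for the helper, are assumptions.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for a compiled-in helper path (assumption); never built from -xkbdir. */
#define HELPER "/bin/echo"

/* Permanently give up elevated IDs: group first, then user. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    if (ruid != 0 && setuid(0) == 0)   /* root must not be recoverable */
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Returns the helper's exit status, 127 if exec failed, 126 if the drop
 * failed, -1 for a non-absolute helper path or a fork/wait error. */
int run_helper(const char *helper, const char *xkbdir)
{
    char *const argv[] = { (char *)helper, (char *)xkbdir, NULL };
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    int status;
    pid_t pid;

    if (helper == NULL || helper[0] != '/' || xkbdir == NULL)
        return -1;
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges() != 0)
            _exit(126);                /* never exec while still privileged */
        execve(helper, argv, envp);    /* no shell: metacharacters stay data */
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed input: the -xkbdir string from the testing notes above. */
    printf("exit status: %d\n", run_helper(HELPER, "id > /tmp/I_WAS_HERE;"));
    return 0;
}
```

With this pattern the first test string reaches the helper as a single literal argument, and the second test has no effect because the helper path does not depend on the directory the user supplies.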

References:

Vendor URL: http://www.sco.com
Vendor Specific Advisory URL
Related OSVDB ID: 5039
Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=88653528226228&w=2
Keyword: erg711819b,sr850806,fz518676,CSSA-2002-SCO.38,xkb
ISS X-Force ID: 9976
Generic Informational URL: http://www.sco.com/support/security/index.html
CVE-2002-0987
Bugtraq ID: 5575