SunOS loadmodule Double IFS Privilege Escalation

1995-01-02T00:00:00
ID OSVDB:5899
Type osvdb
Reporter OSVDB
Modified 1995-01-02T00:00:00

Description

Vulnerability Description

SunOS contains a flaw in loadmodule that may allow a malicious local user to gain unauthorized root privileges. The issue is due to the way the loadmodule program fails to sanitize the path environment variable. Sun attempted to patch this by clearing the IFS variable but it can still be exploited by setting the IFS variable twice. This flaw may lead to a loss of Confidentiality and Integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Sun Microsystems has released a patch to address this vulnerability.

Short Description

SunOS contains a flaw in loadmodule that may allow a malicious local user to gain unauthorized root privileges. The issue is due to the way the loadmodule program fails to sanitize the path environment variable. Sun attempted to patch this by clearing the IFS variable but it can still be exploited by setting the IFS variable twice. This flaw may lead to a loss of Confidentiality and Integrity.

References:

Vendor Specific Solution URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100448&zone_32=100448-03 Vendor Specific Advisory URL Related OSVDB ID: 5861 Related OSVDB ID: 5860 Other Advisory URL: http://www.attrition.org/security/advisory/8lgm/8lgm-23.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1995_3/0256.html ISS X-Force ID: 498 CVE-1999-0282 CVE-1999-1586 CIAC Advisory: g-02 CERT: CA-1995-12 CERT: CA-1993-18