rdist popen IFS Variable Privilege Escalation

1991-04-23T00:00:00
ID OSVDB:8106
Type osvdb
Reporter 8lgm(8lgm@bagpuss.demon.co.uk)
Modified 1991-04-23T00:00:00

Description

Vulnerability Description

rdist contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when the IFS variable is modified, which may allow a user to set arbitrary local programs SUID. This flaw may lead to a loss of confidentiality and integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Sun, Cray, SGI and NeXTstep have released a patch to address this vulnerability.

References:

Vendor URL: http://www.magnicomp.com/rdist/7.0/doc/CHANGES
Vendor Specific Advisory URL
Other Advisory URL: http://www.cert.org/advisories/CA-91.20.rdist.vulnerability
Other Advisory URL: http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html
Keyword: [8lgm]-Advisory-1.UNIX.rdist.23-Apr-1991
Keyword: /tmp/.sushi
ISS X-Force ID: 7160
CVE-1999-1468
Bugtraq ID: 31