[Prev][Next][Index]
Linux Security Bug - Attention
There is a security bug in Linux, details below.
I checked, Users can get root with this bug.
Solution: execute this command as root:
chmod 711 /usr/bin/splitvt
---------- Forwarded message ----------
Date: Sun, 3 Dec 1995 22:52:37 -0700 (MST)
From: root <root@crimson.cadvision.com>
To: Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>
Cc: linux-alert@tarsier.cv.nrao.edu, linux-security@tarsier.cv.nrao.edu,
bugtraq@crimelab.com, big-linux@netspace.org
Subject: Avalon Release
Avalon Security Research
Release 1.3
(splitvt)
Affected Program: splitvt(1)
Affected Operating Systems: Linux 2-3.X
Exploitation Result: Local users can obtain superuser privelages.
Bug Synopsis: A stack overflow exists via user defined unbounds checked
user supplied data sent to a sprintf().
--------------------------------------------- ....- --.. ----. -.. --. .
Arik Baratz, Regularus Studentus, iNTP, 4Z9DGE
---------------------------------------------------------------------------
"Your conscious mind is very intelligent, and your unconscious mind
is a hell of a lot smarter than you are."
- Erickson H. Milton
http://ccarik.technion.ac.il/~arikb