[Prev][Next][Index]

Linux Security Bug - Attention




    There is a security bug in Linux, details below.

    I checked, Users can get root with this bug.

    Solution: execute this command as root:

chmod 711 /usr/bin/splitvt

---------- Forwarded message ----------
Date: Sun, 3 Dec 1995 22:52:37 -0700 (MST)
From: root <root@crimson.cadvision.com>
To: Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>
Cc: linux-alert@tarsier.cv.nrao.edu, linux-security@tarsier.cv.nrao.edu,
    bugtraq@crimelab.com, big-linux@netspace.org
Subject: Avalon Release

		      Avalon Security Research 
			    Release 1.3
			     (splitvt)

Affected Program: splitvt(1)

Affected Operating Systems: Linux 2-3.X

Exploitation Result: Local users can obtain superuser privelages.

Bug Synopsis: A stack overflow exists via user defined unbounds checked
user supplied data sent to a sprintf().

--------------------------------------------- ....- --.. ----. -.. --. .
            Arik Baratz, Regularus Studentus, iNTP, 4Z9DGE
---------------------------------------------------------------------------

  "Your conscious mind is very intelligent, and your unconscious mind
     is a hell of a lot smarter than you are."
                                                 - Erickson H. Milton
http://ccarik.technion.ac.il/~arikb