Datalynx suGuard uses relative path for execution
| datalynx-suguard-relative-paths (1543) |  High Risk |
Description:
The suGuard security package for DataLynx, Inc. could allow an attacker configured for suGuard to gain root privileges. The suGuard package uses the PATH environment variable to search for certain programs, which allows the attacker to trick the program into executing a trojan horse program to gain elevated privileges.
Platforms Affected:
- S4Software, suGuard
Remedy:
Disable suGuard and obtain a patch or upgrade from DataLynx, when it becomes available from the DataLynx Web site. See References.
NOTE: If disabling suGuard is not possible, you should pay close attention to the actions of the users authorized for suGuard.
Consequences:
Gain Privileges
References:
- @stake, Inc./L0pht Security Advisory 01/03/99, suGuard rev 1.0 from DataLynx at http://www.webproxy.com/research/advisories/1999/suguard.txt.
- DataLynx, Inc. Web site, suGUARD Access Security Software at http://www.dlxguard.com/suguard.htm.
- BID-186: DataLynx suGuard Vulnerability
- CVE-1999-0388: DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root.
- OSVDB ID: 3186: suGuard sgrun Execute Arbitrary Local Commands
Reported:
Jan 03, 1999
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net