Linux dump could be used to execute external programs
| linux-dump-execute-code (5437) |  Medium Risk |
Description:
The dump backup utility in Red Hat Linux could be used by a local attacker to execute external programs with suid privileges.
Consequences:
Gain Access
Remedy:
Upgrade to the latest version of dump (0.4b19 or later) as stated in RHSA-2000:100-02. See References.
For other distributions:
Contact your distributor or See References.
References:
- BugTraq Mailing List, Fri Nov 03 2000 - 05:39:33 CST: Trustix Security Advisory - dump.
- BugTraq Mailing List, Mon Oct 30 2000 - 23:37:35 CST: Redhat 6.2 dump command executes external program with suid priviledge..
- Linux-Mandrake Security Update Advisory MDKSA-2000:065: dump.
- BID-1871: Multiple Vendor dump Insecure Environment Variables Vulnerability
- CVE-2000-1009: dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
- OSVDB ID: 13747: Red Hat Linux dump RSH Environment Variable Subversion Privilege Escalation
- US-CERT VU#153653: Linux dump uses environment variables insecurely, allowing for root compromise
Platforms Affected:
- RedHat Linux
Reported:
Oct 31, 2000
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this