8lgm-14.txt
ced15d8560fe28d72a6ada2943d590ad53a4b9c0f940f8be58d62e6fb39b8f0c
From 8lgm@bagpuss.demon.co.uk Sun Dec 04 05:50:26 MST 1994
This advisory has been sent to:
comp.security.unix
BUGTRAQ <bugtraq@fc.net>
CERT/CC <cert@cert.org>
SCO <security-alert@sco.com>
===============================================================================
[8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994
PROGRAM:
prwarn(1)
VERSION:
SCO UNIX 3.2v4.2
DESCRIPTION:
prwarn can be used to create files around the filesystem as group
auth.
IMPACT:
Any user with access to prwarn(1) can become root.
REPEAT BY:
Exploit details will not be made available, until a patch is
provided.
FIX:
Obtain a patch from SCO.
WORKAROUND:
Remove set bit from prwarn.
FEEDBACK AND CONTACT INFORMATION:
8lgm-bugs@bagpuss.demon.co.uk (To report security flaws)
8lgm-request@bagpuss.demon.co.uk (Mailing list additions -
processed automatically;
just send any message)
8lgm@bagpuss.demon.co.uk (Everything else)
System Administrators are encouraged to contact us for any
other information they may require about the problems described
in this advisory.
We welcome reports about which platforms this flaw does or does
not exist on.
NB: 8lgm-bugs@bagpuss.demon.co.uk is intended to be used by
people wishing to report which platforms/OS's the bugs in our
advisories are present on. Please do *not* send information on
other bugs to this address - report them to your vendor and/or
comp.security.unix instead.
8LGM MAILING LIST:
Send any message to 8lgm-request@bagpuss.demon.co.uk and the
address you mail from will automatically be added to the list.
If you need to subscribe to an address you cannot mail from
(eg an alias), send mail to 8lgm@bagpuss.demon.co.uk and request
to be added to the list. Due to our mail volume, we appreciate
it if you can use 8lgm-request instead; thus if you need to
subscribe an alias, please look into using, say sendmail -f,
if possible.
8LGM FILESERVER:
All [8LGM] advisories may be obtained via the [8LGM] fileserver.
For details, 'echo help | mail 8lgm-fileserver@bagpuss.demon.co.uk'
===========================================================================
--
-----------------------------------------------------------------------
$ echo help | mail 8lgm-fileserver@bagpuss.demon.co.uk (Fileserver help)
8lgm-bugs@bagpuss.demon.co.uk (To report security flaws)
8lgm-request@bagpuss.demon.co.uk (Request to be added to list)
8lgm@bagpuss.demon.co.uk (General enquiries)