exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New


Posted Sep 23, 1999


SHA-256 | 69fc16f2c9ab050dd1ab5ea73ffa6eff0f79530c9e3040514b44fe214322dcdd


Change Mirror Download

Subject: Caldera Security Advisory SA-1997.13: Vulnerability in the "abuse"

Caldera Security Advisory SA-1997.13
Original report date: 15-Jul-1997
RPM build date: 29-Jul-1997
Original issue date: 19-Aug-1997

Topic: Vulnerability in the game "abuse"

I. Problem Description

There is a security vulnerability which installs the game abuse,
/usr/lib/games/abuse/abuse.console suid root. The abuse.console
program loads its files without absolute pathnames, assuming the
user is running abuse from the /usr/lib/games/abuse directory.
One of these files is the undrv program, which abuse executes
as root. If the user is not in the abuse directory when running
this, an arbitrary program can be substituted for undrv, allowing
the user to execute arbitrary commands as root

II. Impact

An unprivileged user can execute commands as root, or open a shell
as root.

Abuse was distributed on the following OpenLinux releases:
CND 1.0
Base 1.0
Lite 1.1
Base 1.1
Standard 1.1

To determine if you are effected and need this update you may do
the following:
rpm -q abuse
If the results show abuse-1.10-1 then you will need to update.

III. Solution

As a temporary workaround, you can remove the suid bit from
abuse (chmod -s /usr/lib/games/abuse/abuse.console). This
will fix the problem, but will render the abuse.console game
unusable to anyone except root.

A better solution is to install the new abuse-1.10-2 package
that contains the fixed version of abuse. It can be found
on Caldera/s FTP server. (ftp.caldera.com):


Source files are also available at:


The MD5 checksums (from the "md5sum" command) for these packages

dcfb1fc36d12f1dff9b137a96e0a92fd RPMS/abuse-1.10-2.i386.rpm
7ef5241a09f955bb7fe16abca716afac SRPMS/abuse-1.10-2.src.rpm

Changes in abuse-1.10-2 were:
* remove the setuid bit from /usr/lib/games/abuse/abuse.console
* added a secure setsuid wrapper /usr/games/abuse

CND will need to upgrade to a newer version of the RPM tool to
install this package. See:


IV. References / Credits

David Meltzer <davem@cmu.edu>


This advisory closes Caldera's internal bug report #801

V. PGP Signature

This message was signed with the PGP key for <security@caldera.com>.

This key can be obtained from:

Or on an OpenLinux CDROM under:

$Id: SA-1997.13,v 1.1 1997/08/19 16:08:52 ron Exp $

Version: 2.6.3a
Charset: noconv

Login or Register to add favorites

File Archive:

September 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    2 Files
  • 2
    Sep 2nd
    21 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    17 Files
  • 5
    Sep 5th
    34 Files
  • 6
    Sep 6th
    29 Files
  • 7
    Sep 7th
    11 Files
  • 8
    Sep 8th
    25 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    26 Files
  • 12
    Sep 12th
    23 Files
  • 13
    Sep 13th
    17 Files
  • 14
    Sep 14th
    22 Files
  • 15
    Sep 15th
    16 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    19 Files
  • 19
    Sep 19th
    60 Files
  • 20
    Sep 20th
    23 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    8 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    17 Files
  • 26
    Sep 26th
    3 Files
  • 27
    Sep 27th
    13 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By