All versions under the 4.2 release of Hobbit prior to 2006-Jun-30 suffer from a flaw where the logfetch utility can be used to read any file on the filesystem.
337360288f55afa7c676f60c1cb2467173030b6f20a3ccbf046e251a50a5a76f
I was just notified by a Hobbit user that the current beta client has
a security problem in the client "logfetch" utility, when installed as
suid-root (which is the default if "make install" is executed as root).
Impact
------
The effect of this is that any user who is able to login and create
files on a system with the Hobbit client installed, can use the "logfetch"
utility to get read access to any file on the system.
Which versions are affected
---------------------------
This issue affects all of the pre-release (alfa-, beta- and snapshot-versions)
of the Hobbit client version 4.2 released until today (2006-Jun-30), when the
client was installed as root and ~hobbit/client/bin/logfetch is suid-root.
The 4.1.x releases of the Hobbit client does not include the "logfetch"
utility, and are therefore NOT affected by this.
Remedy
------
It is recommended that you remove the suid bit from the logfetch utility
on systems where you have installed the Hobbit 4.2-beta client package.
To do this:
chmod 755 ~hobbit/client/bin/logfetch
Note that this may cause logfile monitoring to break, if the client does
not have read access to the monitored logfiles.
Running logfetch as suid-root will most likely be removed in the final
Hobbit 4.2 release of the client.
Regards,
Henrik Storner, the Hobbit developer
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed