-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


TESO Security Advisory
01/01/2002

LIDS Linux Intrusion Detection System vulnerability


Summary
===================

    The "Linux Intrusion Detection System" security patch for the Linux kernel
    creates a security vulnerability. Exploitation is easy and local users may
    be able to gain unrestricted root priviledges.


Systems Affected
===================

    Almost any Linux system that uses the LIDS kernel patch.


Impact
===================

    By obtaining the configuration of the LIDS system with a capability
    scanner an attacker may find out which capabilities are granted to
    which programs. He then may gather these capabilities such as
    CAP_SYS_ADMIN or CAP_SYS_RAWIO by tricking these programs to
    execute attackers code with these capabilities.
    The attacker is able to disable LIDS system completely. Further,
    any user (not just root) is able to exploit this weakness.


Explanation
===================

    Further information about the insecurities of LIDS may be obtained from
    [2].


Solution
===================

    The vendors have been informed. Fixes should be available soon.


Acknowledgements
===================

    The bug has been discovered by Stealth.

    The tests and further analysis were done by Stealth.


Contact Information
===================

    The TESO crew can be reached by mailing to teso@team-teso.net
    Our web page is at https://www.team-teso.net/


References
===================

    [1] TESO
        http://www.team-teso.net/

    [2] http://stealth.7350.org/lids-hack.tgz


Disclaimer
===================

    This advisory does not claim to be complete or to be usable for any
    purpose. Especially information on the vulnerable systems may be inaccurate
    or wrong. Possibly supplied exploit code is not to be used for malicious
    purposes, but for educational purposes only.

    This advisory is free for open distribution in unmodified form.
    Articles that are based on information from this advisory should include
    link [1].


Exploit
===================

    TESO does not provide exploits for this weakness.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8M3qLcZZ+BjKdwjcRAlssAKCB4W4wCRmv4t1WidJ3L761R38hlwCfSpL/
z2sieYPZ/K/LIyTBtyC+PS8=
=ofwZ
-----END PGP SIGNATURE-----