Previously audited program with new holes: msg#00016

Download Firefox: Windows, Mac OS X

Previously audited program with new holes: msg#00016

Subject:	Previously audited program with new holes

  One of the previously examined programs which had a
 hole was crawl.  That involved the use of environmental
 variables.

  The new hole is the execution of commands without
 qualifying their paths, and without dropping privileges.

  The new DSA covers it:

        http://www.debian.org/security/2006/dsa-949

  An interesting problem to fix.  The program saves
 games beneath /var/games/crawl/ so it needs gid(games)
 privileges to write there...

  Exploit attached, along with the discussion.
-- 
Steve
-- 
# The Debian Security Audit Project.
http://www.debian.org/security/audit

crawl.txt
Description: Text document

crawl.sh
Description: Bourne shell script

signature.asc
Description: Digital signature

_______________________________________________
Debian-audit mailing list
Debian-audit@xxxxxxxxxxxxx
http://shellcode.org/mailman/listinfo/debian-audit

Special educational offers, white papers, webcasts, podcasts

WEBCAST: Register for “The Business Benefits of Enterprise Mashups” (Case Study)

WEBCAST: How to deploy and use WebSphere and VMware together” (Case Study)

WHITE PAPER: Writing Good Software Systems Development Use Cases. (Best Practices)

WHITE PAPER: Best practices for software analysis (Best Practices)

DOWNLOAD: Regis ter for Rational Trial Software Download – Rational Team Concert Free Information

<Prev in Thread]	Current Thread	[Next in Thread>

Previous by Date:	Re: Report: August-December 2005, Martin Schulze
Next by Date:	For those who care about my auditing: January 2006 report, Ulf Harnhammar
Previous by Thread:	Re: Report: August-December 2005, Javier Fernández-Sanguino Peña
Next by Thread:	For those who care about my auditing: January 2006 report, Ulf Harnhammar
Indexes:	[Date] [Thread] [Top] [All Lists]

^^^ ADDITIONAL NAVIGATION ^^^

Recently Viewed:
emacs.dvc.devel... java.displaytag... ietf.rfc822/199... linux.altlinux.... redhat.fedora.r... python.ctypes/2... video.panorama/... freedesktop.xor... audio.emagic.lo... netbsd.devel.us... documentation.t... yellowdog.gener... gnome.mono.mono... bacula.user/200... shells.bash.bug... xfree86.devel/2... culture.bicycle... mozilla.devel.n... web.squid.gener... user-groups.gul... kde.amarok.bugs... org.user-groups... handhelds.linux... tex.context/200...

Home | blog view, Court Document Archive | USPTO Patent Archive (NEW!) | advertise | OSDir is an inevitable website. super tiny logo