SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Top Vendors:   Caldera/SCO
Caldera Open UNIX (SCO) Top Utility Format String Flaw May Let Local Users Obtain Elevated Group Privileges
SecurityTracker Alert ID:  1002751
SecurityTracker URL:  http://securitytracker.com/id/1002751
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 14 2001
Impact:   Execution of arbitrary code via local system, User access via local system

Version(s): top 3.5beta5, from skunkware; other versions may be affected
Description:   A format string vulnerability was reported in the 'top' utility on Caldera Open UNIX, part of the Skunkware collection. A local user may be able to execute arbitrary commands and gain elevated group privileges.

It is reported that Skunkware top contains a format string vulnerability. Because it is configured with set group id (sgid) 'mem' group privileges, a local user may be able to execute arbitrary commands with 'mem' group privileges.

The author of the report notes that this format string issue has been previously reported for other operating systems.

Impact:   A local user may be able to obtain 'mem' group privileges.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.caldera.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  UNIX (Open UNIX-SCO)

Message History:   None.


 Source Message Contents

Subject:  SCO skunkware top format strings issue


This is a known issue with other vendors... top format strings issue. 
SCO never "supported" skunkware it was out of courtesy that the binarys
were provided as I was once told. I assume Caldera takes the same 
position. 

root@atlantic.theatlanticclub.com #ls -al /usr/local/bin/top
lrwxrwxrwx   1 root     sys           45 Nov 12 12:42 /usr/local/bin/top -> /opt/K/SKUNK98/Top/3.5beta5/usr/local/bin/top
root@atlantic.theatlanticclub.com #ls -al /opt/K/SKUNK98/Top/3.5beta5/usr/local/bin/top
-rwxr-sr-x   1 root     mem        42200 Nov 12 12:41 /opt/K/SKUNK98/Top/3.5beta5/usr/local/bin/top

type k for kill while in top ... 
last pid:  1926;  load averages:  0.00,  0.02,  0.00                                                                            10:22:44
111 processes: 110 sleeping, 1 onproc
CPU states:     % idle,     % user,     % system,     % wait,     % sxbrk
Memory: 384M phys, 357M max, 272M free, 352M locked, 190M unlocked, 125M swap
kill %p%p%p

last pid:  1930;  load averages:  0.00,  0.02,  0.00                                                                            10:23:23
111 processes: 110 sleeping, 1 onproc
CPU states:     % idle,     % user,     % system,     % wait,     % sxbrk
Memory: 384M phys, 357M max, 272M free, 352M locked, 190M unlocked, 125M swap
 8005b3608059e1008047ce024: Not a number

ftp://ftp2.caldera.com/pub/skunkware/osr5/vols/top-3.5beta5-VOLS.tar
^--- this is the only top package provided by caldera / SCO 

-KF 



--------------FC0FE99AC6C931BF9F70122B
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

 
--------------FC0FE99AC6C931BF9F70122B
Content-Type: application/octet-stream;
 name="SCOtop.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="SCOtop.txt"

VGhpcyBpcyBhIGtub3duIGlzc3VlIHdpdGggb3RoZXIgdmVuZG9ycy4uLiB0b3AgZm9ybWF0
IHN0cmluZ3MgaXNzdWUuIApTQ08gbmV2ZXIgInN1cHBvcnRlZCIgc2t1bmt3YXJlIGl0IHdh
cyBvdXQgb2YgY291cnRlc3kgdGhhdCB0aGUgYmluYXJ5cwp3ZXJlIHByb3ZpZGVkIGFzIEkg
d2FzIG9uY2UgdG9sZC4gSSBhc3N1bWUgQ2FsZGVyYSB0YWtlcyB0aGUgc2FtZSAKcG9zaXRp
b24uIAoKcm9vdEBhdGxhbnRpYy50aGVhdGxhbnRpY2NsdWIuY29tICNscyAtYWwgL3Vzci9s
b2NhbC9iaW4vdG9wCmxyd3hyd3hyd3ggICAxIHJvb3QgICAgIHN5cyAgICAgICAgICAgNDUg
Tm92IDEyIDEyOjQyIC91c3IvbG9jYWwvYmluL3RvcCAtPiAvb3B0L0svU0tVTks5OC9Ub3Av
My41YmV0YTUvdXNyL2xvY2FsL2Jpbi90b3AKcm9vdEBhdGxhbnRpYy50aGVhdGxhbnRpY2Ns
dWIuY29tICNscyAtYWwgL29wdC9LL1NLVU5LOTgvVG9wLzMuNWJldGE1L3Vzci9sb2NhbC9i
aW4vdG9wCi1yd3hyLXNyLXggICAxIHJvb3QgICAgIG1lbSAgICAgICAgNDIyMDAgTm92IDEy
IDEyOjQxIC9vcHQvSy9TS1VOSzk4L1RvcC8zLjViZXRhNS91c3IvbG9jYWwvYmluL3RvcAoK
dHlwZSBrIGZvciBraWxsIHdoaWxlIGluIHRvcCAuLi4gCmxhc3QgcGlkOiAgMTkyNjsgIGxv
YWQgYXZlcmFnZXM6ICAwLjAwLCAgMC4wMiwgIDAuMDAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
MTA6MjI6NDQKMTExIHByb2Nlc3NlczogMTEwIHNsZWVwaW5nLCAxIG9ucHJvYwpDUFUgc3Rh
dGVzOiAgICAgJSBpZGxlLCAgICAgJSB1c2VyLCAgICAgJSBzeXN0ZW0sICAgICAlIHdhaXQs
ICAgICAlIHN4YnJrCk1lbW9yeTogMzg0TSBwaHlzLCAzNTdNIG1heCwgMjcyTSBmcmVlLCAz
NTJNIGxvY2tlZCwgMTkwTSB1bmxvY2tlZCwgMTI1TSBzd2FwCmtpbGwgJXAlcCVwCgpsYXN0
IHBpZDogIDE5MzA7ICBsb2FkIGF2ZXJhZ2VzOiAgMC4wMCwgIDAuMDIsICAwLjAwICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgIDEwOjIzOjIzCjExMSBwcm9jZXNzZXM6IDExMCBzbGVlcGluZywg
MSBvbnByb2MKQ1BVIHN0YXRlczogICAgICUgaWRsZSwgICAgICUgdXNlciwgICAgICUgc3lz
dGVtLCAgICAgJSB3YWl0LCAgICAgJSBzeGJyawpNZW1vcnk6IDM4NE0gcGh5cywgMzU3TSBt
YXgsIDI3Mk0gZnJlZSwgMzUyTSBsb2NrZWQsIDE5ME0gdW5sb2NrZWQsIDEyNU0gc3dhcAog
ODAwNWIzNjA4MDU5ZTEwMDgwNDdjZTAyNDogTm90IGEgbnVtYmVyCgpmdHA6Ly9mdHAyLmNh
bGRlcmEuY29tL3B1Yi9za3Vua3dhcmUvb3NyNS92b2xzL3RvcC0zLjViZXRhNS1WT0xTLnRh
cgpeLS0tIHRoaXMgaXMgdGhlIG9ubHkgdG9wIHBhY2thZ2UgcHJvdmlkZWQgYnkgY2FsZGVy
YSAvIFNDTyAKCi1LRiAKCg==
--------------FC0FE99AC6C931BF9F70122B--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC