SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Mtools Vendors:   mtools.linux.lu
Mtools 'mformat' Utility Lets Local Users Create Arbitrary Root-Owned Files
SecurityTracker Alert ID:  1009216
SecurityTracker URL:  http://securitytracker.com/id/1009216
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 26 2004
Impact:   Disclosure of system information, Modification of system information, Root access via local system

Version(s): 3.9.9
Description:   A vulnerability was reported in mtools in the mformat program. A local user may be able to gain root privileges.

It is reported that when the mformat program is installed with set user id (setuid) root user privileges, a local user can invoke mformat to create any file with 0666 permissions (globally writable).

It is also reported that the application does not drop privileges when reading local configuration files, so a local user may be able to view arbitrary files on the system.

According to the report, the application is installed with setuid privileges on at least some platforms.

Sebastian Krahmer is credited with reporting this flaw.

Impact:   A local user can gain root privileges on the target system.
Solution:   No solution was available at the time of this entry. The report notes that you can remove the setuid bit on mformat as a workaround.
Vendor URL:  mtools.linux.lu (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Feb 26 2004 (Mandrake Issues Fix) Mtools 'mformat' Utility Lets Local Users Create Arbitrary Root-Owned Files
Mandrake has issued a fix.



 Source Message Contents

Subject:  Mtools


Mandrake reported:

 > Sebastian Krahmer found that the mformat program, when installed
 > suid root, can create any file with 0666 permissions as root, and that
 > it also does not drop privileges when reading local configuration
 > files.


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC