Home page logo

bugtraq logo Bugtraq mailing list archives

Re: pmpost - another nice symlink follower
From: Dale Southard <southard1 () llnl gov>
Date: 19 Jun 2001 09:18:48 -0700

With minor modifications, this also yields root with the IRIX version
of PCP 2.1 running under IRIX 6.5.10.  PCP 2.2 under IRIX 6.5.11+ not

Under IRIX `chmod 555 /usr/pcp/bin/pmpost` mitigates the root
vulnerability (and presumably some of the PCP ``Notice Board''
functionality) until a patch is available.

Paul Starzetz <paul () starzetz de> writes:

there is a symlink handling problem in the pcp suite from SGI. The
binary pmpost will follow symlinks, if setuid root this leads to instant
root compromise, as found on SuSE 7.1 (I doubt that this a default SuSE
package, though).


/*  Dale Southard Jr.       southard1 () llnl gov        925-422-1463  */
/*  Computer Scientist, Accelerated Strategic Computing Initiative  */
/*  L-550,  Lawrence Livermore National Lab,  Livermore CA   94551  */
/*  AFF/I, SL/I, T/I, D-11216, Sr. Rig --- I'd rather be skydiving  */

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]