Bugtraq mailing list archives

Re: Repost: Security bug in SGI VideoFramer

From: martinh () mailhost emap co uk (martinh () mailhost emap co uk)
Date: Thu, 23 May 1996 10:03:01 +0000


On Tue, 14 May 1996, Hui-Hui Hu wrote:

Stardot Networks / Security vulnerability [SDN-2-sgi-videoframer]

PROBLEM. sb_encode is installed setuid in /usr/video/vfr/bin and does not
check for permissions/ownership. sb_encode takes an IRIS RGB-format image
file and spits out a VideoFramer format file (.vfr).

REPEAT BY: /usr/video/vfr/bin/sb_encode -o [file-to-overwrite] [iris-image]

             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

TEMPORARY FIX.

# chmod -s /usr/video/vfr/*


Since the sb_encode program is in a subdirectory of /usr/video/vfr/
shouldn't the fix be:

# chmod -R -s /usr/video/vfr/*


M.


##################################################################
# Martin Hargreaves (martin () datamodl demon co uk)  Computational #
# Director, Datamodel Ltd                                Chemist #
# Contract Unix system admin/Unix security              Sysadmin #
##################################################################

Current thread:

Repost: Security bug in SGI VideoFramer [SDN-2-sgi-videoframer] Hui-Hui Hu (May 14)
- Re: Repost: Security bug in SGI VideoFramer martinh () mailhost emap co uk (May 23)