21/11/2001 16:20:05, Paul Starzetz <paul@starzetz.de> wrote:

>1. Problem description
>----------------------
>
>There is a format string bug in the Berkeley's pmake 2.1.33 and below
>(parallel make) package as well as a buffer overflow problem. Pmake is
>suid root on various Linux distributions and uses root privileges for
>binding to low TCP ports. The ordinary format string bug leads to local
>root compromise on all vulnerable machines.

Default RedHat 7.2 not vulnerable :

[root@box etc]# more /etc/redhat-release
Red Hat Linux release 7.2 (Enigma)
[root@box etc]# uname -a
Linux box 2.4.9-13 #1 Tue Oct 30 20:11:04 EST 2001 i686 unknown
[root@box etc]# ls -l `which pmake`
-rwxr-xr-x 1 root root 95708 aoû 21 12:55 /usr/bin/pmake

pmake isn't SUID root.

Nicolas Grégoire
http://www.exaprobe.com