Program: Etnus TotalView Version: 5.0.0-4 DESCRIPTION ----------- TotalView is a multiprocess source-level debugger for programs written in the C, C++, and Fortran programming languages. TotalView is part of a suite of programming tools from Etnus, LLC. PROBLEM ------- Failed to install the files owned by root:root, which leads to possible root comprise. If you have uid 5039, or can get it, or a gid of 59, or can get it, you can exploit the condition. VENDOR STATUS ------------- Vendor was informed, and promptly fixed it; if affected you can download the new version. The version tested was 5.0.0-4 for Linux. I don't know if affects any other versions. DEMONSTRATION ------------- [andrewg@blackhole advisories]$ ls -alF /usr/local/toolworks/ total 16 drwxrwxr-x 4 root root 4096 Mar 24 16:29 ./ drwxr-xr-x 19 root root 4096 Mar 24 16:29 ../ drwxrwxr-x 5 root root 4096 Mar 24 16:29 flexlm-6.1/ drwxrwxr-x 12 root root 4096 Mar 24 16:29 totalview.5.0.0-4/ [andrewg@blackhole advisories]$ ls -alF /usr/local/toolworks/totalview.5.0.0-4/ total 56 drwxrwxr-x 12 root root 4096 Mar 24 16:29 ./ drwxrwxr-x 4 root root 4096 Mar 24 16:29 ../ drwxrwxr-x 2 5039 59 4096 Mar 24 16:29 bin/ drwxrwxr-x 3 5039 59 12288 Jan 8 01:33 bitmaps/ drwxrwxr-x 2 5039 59 4096 Jan 8 01:36 fonts/ drwxrwxr-x 4 5039 59 4096 Feb 8 02:43 help/ drwxrwxr-x 2 5039 59 4096 Jan 9 06:31 include/ drwxrwxr-x 2 5039 59 4096 Jan 9 06:31 lib/ drwxrwxr-x 7 5039 59 4096 Jan 8 02:12 linux-x86/ drwxrwxr-x 3 5039 59 4096 Jan 8 01:36 man/ drwxrwxr-x 2 5039 59 4096 Jan 8 01:27 mri/ drwxrwxr-x 3 5039 59 4096 Jan 9 06:30 X11/ [andrewg@blackhole advisories]$ ls -alF /usr/local/toolworks/flexlm-6.1/ total 32 drwxrwxr-x 5 root root 4096 Mar 24 16:29 ./ drwxrwxr-x 4 root root 4096 Mar 24 16:29 ../ drwxrwxr-x 2 5039 59 4096 Jan 8 01:25 bin/ drwxrwxr-x 4 5039 59 4096 Jan 8 01:25 doc/ drwxrwxr-x 3 5039 59 4096 Jan 8 02:12 i386-linux/ -r--r--r-- 1 5039 59 228 Jan 8 01:24 license.opt.src -r--r--r-- 1 5039 59 6959 Jan 8 01:24 README [andrewg@blackhole advisories]$ ls -alF /usr/local/toolworks/flexlm-6.1/i386-linux/bin/ total 3244 drwxrwxr-x 2 5039 59 4096 Jan 8 02:12 ./ drwxrwxr-x 3 5039 59 4096 Jan 8 02:12 ../ -r-xr-xr-x 10 5039 59 260572 Jan 8 02:12 lmcksum* -r-xr-xr-x 10 5039 59 260572 Jan 8 02:12 lmdiag* -r-xr-xr-x 10 5039 59 260572 Jan 8 02:12 lmdown* -r-xr-xr-x 1 5039 59 260244 Jan 8 02:12 lmgrd* -r-xr-xr-x 10 5039 59 260572 Jan 8 02:12 lmhostid* -r-xr-xr-x 10 5039 59 260572 Jan 8 02:12 lmremove* -r-xr-xr-x 10 5039 59 260572 Jan 8 02:12 lmreread* -r-xr-xr-x 10 5039 59 260572 Jan 8 02:12 lmstat* -r-xr-xr-x 10 5039 59 260572 Jan 8 02:12 lmswitchr* -r-xr-xr-x 10 5039 59 260572 Jan 8 02:12 lmutil* -r-xr-xr-x 10 5039 59 260572 Jan 8 02:12 lmver* -r-xr-xr-x 1 5039 59 377356 Jan 8 02:12 toolworks* [andrewg@blackhole advisories]$ ls -alF /usr/local/toolworks/totalview.5.0.0-4/linux-x86/bin/ total 15960 drwxrwxr-x 2 5039 59 4096 Mar 24 16:29 ./ drwxrwxr-x 7 5039 59 4096 Jan 8 02:12 ../ -r-xr-xr-x 1 5039 59 4727166 Jan 8 02:15 hyperhelp* lrwxrwxrwx 1 5039 59 13 Mar 24 16:29 totalview -> ../../bin/tv5* lrwxrwxrwx 1 5039 59 16 Mar 24 16:29 totalviewcli -> ../../bin/tv5cli* lrwxrwxrwx 1 5039 59 13 Mar 24 16:29 tv5 -> ../../bin/tv5* lrwxrwxrwx 1 5039 59 16 Mar 24 16:29 tv5cli -> ../../bin/tv5cli* -r-xr-xr-x 1 5039 59 3412128 Feb 5 01:00 tv5climain* -r-xr-xr-x 1 5039 59 6005964 Feb 5 00:59 tv5main* lrwxrwxrwx 1 5039 59 16 Mar 24 16:29 tvdsvr -> ../../bin/tvdsvr* -r-xr-xr-x 1 5039 59 373208 Feb 5 01:00 tvdsvrmain* -r-xr-xr-x 1 5039 59 1763856 Jan 8 02:16 vismain* lrwxrwxrwx 1 5039 59 19 Mar 24 16:29 visualize -> ../../bin/visualize* -- www.tasmail.com
