[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] [Cobalt] Security Advisory - Majordomo

Subject: [cobalt-users] [Cobalt] Security Advisory - Majordomo
From: Jeff Bilicki <jeffb@xxxxxxxxxxxxx>
Date: Fri Jan 7 20:45:03 2000

Sorry this got delayed.

-------- Original Message --------
Subject: [cobalt-users] [Cobalt] Security Advisory - Majordomo
Date: Thu, 6 Jan 2000 06:55:07 -0800 (PST)
From: Jeff Lovell <jlovell@xxxxxxxxxxxxxxxxxx>
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
To: cobalt-users@xxxxxxxxxxxxxxxxxx

Cobalt Networks -- Security Advisory -- 01.06.2000

Problem:
The currently installed version of majordomo that runs on all of
Cobalt's second and third generation products (Qube2, RaQ2, and
RaQ3) has a security issue that allows local users to obtain elevated
permissions.

Description:
There are two separate way to exploit this version of majordomo.
Majordomo's functions are performed through a wrapper program that
is installed setuid and setgid, and that wrapper calls all of the
packages functions.

#1  The resend function in vulnerable by passing the first command-line
    argument as a piped system command:

    '/usr/local/majordomo/wrapper resend "@|whoami"'

#2  By specifying an alternate configuration file that is Perl code,
    the user may execute arbitrary commands with an elevated status.

    sample config - foo.pl
    ----------------------
    #!/usr/bin/perl

    system("whoami");
    ----------------------

    '/usr/local/majordomo/wrapper majordomo -l foobar -C 'foo.pl'

Cobalt Networks is dedicated to providing secure platforms.
Accordingly, we have just completed a fix for this bug that is 
available in PKG format, which can be found at the following 
locations:

RaQ3i (x86)
ftp://ftp.cobaltnet.com/pub/experimental/security/majordomo/RaQ3-Security-1.5.pkg

RaQ2 (MIPS)
ftp://ftp.cobaltnet.com/pub/experimental/security/majordomo/RaQ2-Security-2.93.pkg

Qube2 (MIPS)
ftp://ftp.cobaltnet.com/pub/experimental/security/majordomo/Qube2-Security-2.7.pkg

MD5 sum                           Package Name
--------------------------------------------------------------------------
2f54c969e7f7f9603279dc6967837dd1  RaQ3-Security-1.5.pkg
b7102e8c153ea9e70aca97a6a90b7c2c  RaQ2-Security-2.93.pkg
e6a2b44bd18dbe9205db59a09b483e35  Qube2-Security-2.7.pkg

This package is currently in testing, and should only be
applied if the user feels their system is at risk.

Jeff Lovell
Software Engineer
Cobalt Networks
jlovell@xxxxxxxxxx

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-users

Follow-Ups:
- Re: [cobalt-users] [Cobalt] Security Advisory - Majordomo
  - From: Jeff Lasman

Prev by Date: [cobalt-users] mailq and not getting email
Next by Date: Re: [cobalt-users] Restart Apache
Previous by thread: [cobalt-users] Webalizer PKG
Next by thread: Re: [cobalt-users] [Cobalt] Security Advisory - Majordomo

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index