SecurityTracker: (Vendor Issues New Version) Re: Portmon Lets Local Users Read and Write Arbitrary Files With Root Privileges

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > Portmon

Vendors: Reiman, Nik

(Vendor Issues New Version) Re: Portmon Lets Local Users Read and Write Arbitrary Files With Root Privileges

SecurityTracker Alert ID: 1007063

SecurityTracker URL: http://securitytracker.com/id/1007063

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Jun 25 2003

Impact: Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, Root access via local system

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 1.7 and possibly prior versions

Description: A vulnerability was reported in Portmon. A local user can read from and write to arbitrary files on the system.

It is reported that a local user can invoke Portmon and specify a configuration file or log file command line option to view the contents of or write to any file on the system. Because Portmon is typically configured with set user id (setuid) root privileges, a local user can write files with root privileges to potentially gain root access on the system.

Some demonstration exploit commands are provided:

portmon -c /etc/shadow

portmon -l /etc/shadow

Impact: A local user can read arbitrary files on the system. A local user can cause certain text to be written to arbitrary files on the system.

Solution: The vendor has released a new version (1.9) that does not install portmon with setuid privileges. The new version apparently does not fix the underlying flaw, but prohibits unprivileged users from exploiting the flaw.

The new version is available at:

http://aboleo.net/software/portmon/downloads/
http://aboleo.net/software/portmon/downloads/portmon-1.9.tar.gz

For more information, see the vendor's bug report (Bug ID #4):

http://aboleo.net/software/portmon/bugs/4.ds

Vendor URL: aboleo.net/software/portmon/ (Links to External Site)

Cause: Access control error, Input validation error

Underlying OS: Linux (Any), UNIX (Any)

Message History: This archive entry is a follow-up to the message listed below.

Portmon Lets Local Users Read and Write Arbitrary Files With Root Privileges

Source Message Contents

Date: Wed, 25 Jun 2003 17:58:49 -0400
Subject: portmon bug fix


http://aboleo.net/software/portmon/bugs/4.ds

 > Bug ID #4
 > Status:  	fixed

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC