Mtools 'mformat' Utility Lets Local Users Create Arbitrary Root-Owned Files
|
|
SecurityTracker Alert ID: 1009216 |
|
SecurityTracker URL: http://securitytracker.com/id/1009216
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Feb 26 2004
|
Impact:
Disclosure of system information, Modification of system information, Root access via local system
|
|
Version(s): 3.9.9
|
Description:
A vulnerability was reported in mtools in the mformat program. A local user may be able to gain root privileges.
It is reported that when the mformat program is installed with set user id (setuid) root user privileges, a local user can invoke mformat to create any file with 0666 permissions (globally writable).
It is also reported that the application does not drop privileges when reading local configuration files, so a local user may be able to view arbitrary files on the system.
According to the report, the application is installed with setuid privileges on at least some platforms.
Sebastian Krahmer is credited with reporting this flaw.
|
Impact:
A local user can gain root privileges on the target system.
|
Solution:
No solution was available at the time of this entry. The report notes that you can remove the setuid bit on mformat as a workaround.
|
Vendor URL: mtools.linux.lu (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Thu, 26 Feb 2004 01:01:53 -0500
Subject: Mtools
|
Mandrake reported:
> Sebastian Krahmer found that the mformat program, when installed
> suid root, can create any file with 0666 permissions as root, and that
> it also does not drop privileges when reading local configuration
> files.
|
|
