Executive Summary
Summary | |
---|---|
Title | DISA UNIX SRR scripts execute untrusted programs as root |
Informations | |||
---|---|---|---|
Name | VU#433821 | First vendor Publication | 2009-12-09 |
Vendor | VU-CERT | Last vendor Modification | 2009-12-09 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#433821DISA UNIX SRR scripts execute untrusted programs as rootOverviewThe Defense Information Systems Agency (DISA) UNIX Security Readiness Review (SRR) scripts find(1) and execute (-exec) various programs to obtain version information. The SRR scripts are designed to be run as root. An attacker who can write a file under the root file system may be able to exploit this vulnerability to execute arbitrary code with root privileges.I. DescriptionDISA provides SRR scripts to help perform security reviews of various operating systems and applications. The UNIX SRR scripts check versions of various programs by searching the root file system and executing programs with options to display version information. The scripts generally use find(1) with the -exec expression primary. The scripts execute programs based on file name. If an attacker can place a file with an appropriate name on the file system, that file will be executed by the SRR script. The SRR scripts are designed to be run with root privileges.II. ImpactAn attacker who is able to write a file under the root file system (most likely, but not necessarily a local user) can execute arbitrary code with root privileges.III. SolutionThe DISA Field Security Office (FSO) is reviewing the UNIX SRR scripts and preparing changes to address these issues.Modify SRR scripts
Systems Affected
References
Thanks to Frank Stuart for reporting these issues and working with DISA FSO. This document was written by Art Manion.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/433821 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
60798 | DISA SRR Script for Solaris x86 Multiple Filename SUID Execution Local Privil... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-12-30 | IAVM : 2009-A-0136 - DISA UNIX Security Readiness Review (SRR) Scripts Local Privilege Escalation ... Severity : Category II - VMSKEY : V0022162 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-09-17 | Name : The remote host is affected by a local privilege escalation vulnerability. File : disa_unix_srr_2009-A-0136.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:07:50 |
|