BugTraq
Hobbit monitor: Security issue with Hobbit 4.2-beta client Jun 30 2006 04:47PM
henrik hswn dk (Henrik Stoerner)

I was just notified by a Hobbit user that the current beta client has
a security problem in the client "logfetch" utility, when installed as
suid-root (which is the default if "make install" is executed as root).

Impact
------
The effect of this is that any user who is able to login and create
files on a system with the Hobbit client installed, can use the "logfetch"
utility to get read access to any file on the system.

Which versions are affected
---------------------------
This issue affects all of the pre-release (alpha-, beta- and snapshot-versions)
of the Hobbit client version 4.2 released until today (2006-Jun-30), when the
client was installed as root and ~hobbit/client/bin/logfetch is suid-root.

The 4.1.x releases of the Hobbit client do not include the "logfetch"
utility, and are therefore NOT affected by this.

Remedy
------
It is recommended that you remove the suid bit from the logfetch utility
on systems where you have installed the Hobbit 4.2-beta client package.

To do this:
chmod 755 ~hobbit/client/bin/logfetch

Note that this may cause logfile monitoring to break, if the client does
not have read access to the monitored logfiles.

Running logfetch as suid-root will most likely be removed in the final
Hobbit 4.2 release of the client.
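As an added audit helper (not part of this advisory or of the Hobbit project), the script below checks whether logfetch is installed suid-root and, only when asked with --fix, applies the chmod 755 remedy above and verifies it. It assumes the advisory's default path ~hobbit/client/bin/logfetch; any other path can be passed as the last argument.

```shell
#!/bin/sh
# Added audit helper (not the advisory's or Hobbit's own code): report a setuid
# logfetch and, with --fix, apply the advisory's remedy (chmod 755) and verify it.
# Assumes the default install path ~hobbit/client/bin/logfetch unless overridden.

# Return 0 if the file carries the setuid bit (mode 4000), 1 otherwise.
# find -perm is POSIX, so this works unchanged on Linux and the BSDs.
is_setuid() {
    [ -f "$1" ] && [ -n "$(find "$1" -prune -perm -4000 2>/dev/null)" ]
}

# Print one status line; return 0 only when the binary is not setuid.
logfetch_status() {
    f=$1
    if ! is_setuid "$f"; then
        echo "ok: $f is not setuid"
        return 0
    fi
    if [ -n "$(find "$f" -prune -user root 2>/dev/null)" ]; then
        echo "VULNERABLE: $f is setuid root (any local user can read any file)"
    else
        echo "WARNING: $f is setuid, owned by a non-root user"
    fi
    return 1
}

# Apply the advisory's remedy and confirm the bit is really gone.
# Logfile monitoring may then break if the hobbit user cannot read the logs.
fix_logfetch() {
    chmod 755 "$1" && ! is_setuid "$1"
}

# Usage: main [--fix] [path]; without --fix it only reports (exit 1 if setuid).
main() {
    fix=0
    if [ "$1" = "--fix" ]; then fix=1; shift; fi
    default=~hobbit/client/bin/logfetch   # unquoted so ~hobbit expands
    target=${1:-$default}
    if [ ! -e "$target" ]; then
        echo "not found: $target (no Hobbit 4.2 client installed here)"
        return 0
    fi
    logfetch_status "$target" && return 0
    [ "$fix" -eq 1 ] || return 1
    echo "applying remedy: chmod 755 $target"
    fix_logfetch "$target" && logfetch_status "$target"
}
main "$@"
```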

Regards,

Henrik Storner, the Hobbit developer
