Multiple Vendor dump Insecure Environment Variables Vulnerability

dump is a utility included with various UNIX clones for the purpose of dumping filesystems. A vulnerability exists in the dump package that allows suid execution of other executables.

The dump command is dependent upon the RSH and TAPE environment variables for proper execution in Linux, and the RCMD_CMD environment variable in NetBSD. It is possible for a malicious user to set the RSH or RCMD_CMD environment variable path to any executable. Upon execution of dump program, the file referenced in the path of the environment variable will be executed with suid root priviledges. Successful exploitation of this vulnerability results in root compromise.


 

Privacy Statement
Copyright 2010, SecurityFocus