Hey folks,
During an evaluation of the SAP database for linux I located a
security issue in one of their suid binaries. This issue is a symlink
attack against a binary that makes an execve call to a file in your
current directory. The details of this issue are outlined below. You
should be able to exploit this by hand however I included a simple exploit.
The alert from SAP is located here:
http://www.sapdb.org/sap_db_alert.htm
This code and alert will be added to http://www.snosoft.com/research
During an evaluation of the SAP database for linux I located a
security issue in one of their suid binaries. This issue is a symlink
attack against a binary that makes an execve call to a file in your
current directory. The details of this issue are outlined below. You
should be able to exploit this by hand however I included a simple exploit.
The alert from SAP is located here:
http://www.sapdb.org/sap_db_alert.htm
This code and alert will be added to http://www.snosoft.com/research
-KF
---------
[ reply ]