FreeBSD k5su Wheel Group Membership Validation Vulnerability

k5su is a utility for the FreeBSD operating system which is similar to su.

The su utility normally requires that the invoking local user be a member of the 'wheel' group. k5su does not sufficiently validate that the user possesses this group membership, so it may be used by arbitrary users who know the superuser password.

It should be noted that administrators must explicitly install k5su and this vulnerability is not present in default installations of the FreeBSD operating system.
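The kind of group-membership gate the advisory describes as insufficient in k5su, written as an added example (not k5su or FreeBSD su source code). The names `in_group` and `caller_in_wheel` are hypothetical, and denying access when the 'wheel' group is absent or has no matching member is an assumption of this sketch.

```c
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 1 if `user` belongs to `gr` through its primary gid
 * or the group's member list, else 0. Missing data is treated as "no". */
int in_group(const struct group *gr, const char *user, gid_t primary_gid)
{
    if (gr == NULL || user == NULL)
        return 0;
    if (gr->gr_gid == primary_gid)
        return 1;
    if (gr->gr_mem == NULL)
        return 0;
    for (char **m = gr->gr_mem; *m != NULL; m++)
        if (strcmp(*m, user) == 0)   /* exact match, no prefixes */
            return 1;
    return 0;
}

/* Hypothetical gate for an su-like tool: decide from the REAL uid (the
 * invoking user), before any password prompt or privilege change. */
int caller_in_wheel(void)
{
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL)
        return 0;
    return in_group(getgrnam("wheel"), pw->pw_name, pw->pw_gid);
}

int main(void)
{
    /* Constructed sample group, so the demo does not depend on local accounts. */
    char alice[] = "alice";
    char *members[] = { alice, NULL };
    struct group wheel;
    memset(&wheel, 0, sizeof wheel);
    wheel.gr_gid = 0;
    wheel.gr_mem = members;

    printf("alice:   %d\n", in_group(&wheel, "alice", 1001));
    printf("mallory: %d\n", in_group(&wheel, "mallory", 1001));
    printf("caller in local wheel group: %d\n", caller_in_wheel());
    return 0;
}
```

The decision uses the real uid because a setuid-root binary's effective uid is already 0 and says nothing about who invoked it.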


Copyright 2010, SecurityFocus