There is a vulnerability in the /sbin/init.d/rmtmpfiles utility of
DEC/Compaq Tru64 UNIX, at least in versions V4.0D to V5.1 (probably all V4
and V5 versions, maybe even V3 and older). The vulnerability may be
exploited to gain root access.
To protect your machine, move the offending utility out of the way (so it
will not normally be used), e.g. with
mv -i /sbin/init.d/rmtmpfiles /sbin/init.d/rmtmpfiles.BLOCKED
More details (a better fix, possibly a working exploit) may be posted in a
week or so to the BugTraq mailing list (see
http://www.securityfocus.com/).
Some history:
Mon 27 Nov 00 Notified rich.boren_at_compaq.com (including full exploit)
Mon 27 Nov 00 Received acknowledgement, promises "to update you ... by mid
week (29th or 30th)"
Mon 4 Dec 00 After prompting on 30 Nov, says "engineering ... have not
had the chance to get through with their review/analysis"
Tue 12 Dec 00 Workaround posted to tru64-unix-managers, comp.unix.tru64
and comp.security.unix (cc rich.boren_at_compaq.com)
--
Paul Szabo - psz_at_maths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia
Received on Tue Dec 12 2000 - 00:44:56 NZDT