[Bioclusters] local root exploit in Platform LSF 5.1 (bugtraq link enclosed)
Chris Dagdigian
bioclusters@bioinformatics.org
Thu, 22 May 2003 14:35:03 -0400
Excerpt:
> Impact: An attacker can gain root priviledge by forcing the 'lsadmin'
> binary to execute code of attackers choice. The 'lsadmin' binary
> is setuid root.
>
>
> Description:
>
> The 'lsadmin' binary has a "ckconfig" command. It uses it to check the
> correctness of config files. Right after it starts, it is using the
> external 'lim' binary . It is using the LSF_SERVERDIR variable in lsf.conf
> file to obtain a path for 'lim' binary. Regular user can make his own
> lsf.conf file and, by using the LSF_ENVDIR variable, force 'lsadmin' to
> use it instead of default /etc/lsf.conf file. Attacker can therefore point
> the LSF_SERVERDIR variable to his own 'lim' binary. The attackers 'lim'
> binary will be executed with setuid root priviledges.
>
>
URL: http://www.securityfocus.com/archive/1/322242/2003-05-19/2003-05-25/0
Regards,
Chris
--
Chris Dagdigian, <dag@sonsorol.org>
BioTeam Inc. - Independent Bio-IT & Informatics consulting
Office: 617-666-6454, Mobile: 617-877-5498, Fax: 425-699-0193
PGP KeyID: 83D4310E Yahoo IM: craffi Web: http://bioteam.net