[Bioclusters] local root exploit in Platform LSF 5.1 (bugtraq link enclosed)
Rayson Ho
bioclusters@bioinformatics.org
Thu, 22 May 2003 11:54:30 -0700 (PDT)
Thanks Chris,
If you see SGE or PBS security bugs, can you forward them to this
list?
Rayson
--- Chris Dagdigian <dag@sonsorol.org> wrote:
>
> Excerpt:
>
> > Impact: An attacker can gain root privilege by forcing the 'lsadmin'
> > binary to execute code of the attacker's choice. The 'lsadmin' binary
> > is setuid root.
> >
> >
> > Description:
> >
> > The 'lsadmin' binary has a "ckconfig" command. It uses it to check the
> > correctness of config files. Right after it starts, it is using the
> > external 'lim' binary. It is using the LSF_SERVERDIR variable in the
> > lsf.conf file to obtain a path for the 'lim' binary. A regular user can
> > make his own lsf.conf file and, by using the LSF_ENVDIR variable, force
> > 'lsadmin' to use it instead of the default /etc/lsf.conf file. The
> > attacker can therefore point the LSF_SERVERDIR variable to his own 'lim'
> > binary. The attacker's 'lim' binary will be executed with setuid root
> > privileges.
> >
> >
>
> URL:
> http://www.securityfocus.com/archive/1/322242/2003-05-19/2003-05-25/0
>
>
>
> Regards,
> Chris
>
>
> --
> Chris Dagdigian, <dag@sonsorol.org>
> BioTeam Inc. - Independent Bio-IT & Informatics consulting
> Office: 617-666-6454, Mobile: 617-877-5498, Fax: 425-699-0193
> PGP KeyID: 83D4310E Yahoo IM: craffi Web: http://bioteam.net
>
> _______________________________________________
> Bioclusters maillist - Bioclusters@bioinformatics.org
> https://bioinformatics.org/mailman/listinfo/bioclusters