October 31, 2001

SuSE: 'uucp' local privilege escalation

Author: JT Smith

"UUCP is a well known tool suite for copying data between unix-like
systems. Zen-Parse reported that the higher privileges of uux (UID
uucp) aren't dropped if long options instead of normal (short) options
are used. An attacker could exploit this hole, by specifying a malicious
configuration file to execute and/or access arbitrary data with the
privilege of user uucp." Advisory posted at LinuxSecurity.com.

Category:

  • Linux
Click Here!