SuSE: ‘uucp’ local privilege escalation

Author: JT Smith

“UUCP is a well known tool suite for copying data between unix-like
systems. Zen-Parse reported that the higher privileges of uux (UID
uucp) aren’t dropped if long options instead of normal (short) options
are used. An attacker could exploit this hole, by specifying a malicious
configuration file to execute and/or access arbitrary data with the
privilege of user uucp.” Advisory posted at LinuxSecurity.com.
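The defensive pattern for this class of bug, as an added example that is not taken from the advisory or from the UUCP source: the long option maps to the same `getopt_long` value as the short one, so a single code path drops the set-id identity before any caller-supplied configuration file is touched. The option names `-I`/`--config` and all function names are assumptions for illustration.

```c
#include <getopt.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up the set-id identity. setre*id() with both arguments
 * set also resets the saved ID, so a setuid-non-root program (such as one
 * owned by uucp) cannot switch back afterwards. Group first, then user. */
int drop_privileges(void)
{
    gid_t rgid = getgid();
    uid_t ruid = getuid();
    if (setregid(rgid, rgid) != 0 || setreuid(ruid, ruid) != 0)
        return -1;
    return (getegid() == rgid && geteuid() == ruid) ? 0 : -1;
}

/* Returns 1 if the caller named a config file (path stored in *cfg),
 * 0 if not, -1 on bad usage. Option names are assumed for illustration. */
int parse_config_option(int argc, char **argv, const char **cfg)
{
    static const struct option longopts[] = {
        { "config", required_argument, NULL, 'I' }, /* same value as -I */
        { NULL, 0, NULL, 0 }
    };
    int c, found = 0;
    *cfg = NULL;
    opterr = 0;
    optind = 0; /* glibc/musl: restart scanning so the function is re-callable */
    while ((c = getopt_long(argc, argv, "+I:", longopts, NULL)) != -1) {
        if (c != 'I')
            return -1;
        *cfg = optarg; /* single case: -I, --config and abbreviations */
        found = 1;
    }
    return found;
}

int main(int argc, char **argv)
{
    const char *cfg;
    int rc = parse_config_option(argc, argv, &cfg);
    if (rc < 0) { fputs("usage: prog [-I file | --config file]\n", stderr); return 2; }
    /* Drop before the untrusted path is ever opened or parsed. */
    if (rc == 1 && drop_privileges() != 0) { fputs("cannot drop privileges\n", stderr); return 1; }
    printf("config=%s euid=%ld\n", cfg ? cfg : "(system default)", (long)geteuid());
    return 0;
}
```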