Debian: ISDNUtils Critical Exploit for Xmonisdn Security Risk
debian
December 13, 1999
We have received reports that the version of xmonisdn as distributed
in the isndutils package from Debian GNU/Linux 2.1 has a security
problem.
Topics Covered
Summary
Xmonisdn is an X applet that shows the status of the ISDN links. You can
configure it to run two scripts when the left or right mouse button are
clicked on it. Xmonisdn was installed setuid root so that the scripts
could do things like add and delete the default route. However is that
while the scripts were checked for owner root and not writeable by group
or others the scripts are run via the system() library function, which
spawns a shell to run it. This means that the scripts are open to attack
via IFS and/or PATH manipulation.
However, the setuid root isn't necessary anymore as the ISDN system now
offers other ways of preventing dialouts besides by manipulating network
routes. This can be done by anyone who can access /dev/isdnctrl0 and
/dev/isdninfo. On debian systems those are rw for group dialout, so if
xmonisdn is run by someone in group dialout, they can execute the
necessary isdnctrl commands.
wget url
will fetch the file for you
dpkg -i file.deb
will install the reference...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!