Debian suidmanager 0.18 - Command Execution
| EKU-ID: 24716 | CVE: CVE-1999-1390;OSVDB-6332 | OSVDB-ID: |
| Author: Thomas Roessler | Published: 1998-04-28 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 24716 | CVE: CVE-1999-1390;OSVDB-6332 | OSVDB-ID: |
| Author: Thomas Roessler | Published: 1998-04-28 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/94/info /usr/bin/suidexec will execute arbitrary commands as root, as soon as just _one_ suid root shell script can be found on the system: Just invoke /usr/bin/suidexec <your program> /path/to/script - it will happily execute your program with euid = 0. This is completely sufficient for doing arbitrary damage on the system.