Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

SuSE: Critical i4l (xmonisdn) Privilege Escalation Risk

suse
Calendar Grey December 8, 1999
Dist Suse Esm H88
Urgent patch needed for i4l (xmonisdn) as a critical vulnerability affects root access on SuSE installations.
xmonisdn which is part of the i4l package is installed setuid root by default. To control and display the status of the ISDN network connections xmonisdn uses exte...

Summary


Warning: Undefined array key "advisoryid" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/4047537_1edcd913e2b52798c5b9126b8927230e on line 19

______________________________________________________________________________

                        SuSE Security Announcement

        Package:  i4l (xmonisdn)
        Date:     Wed Aug 18 10:39:00 CEST 1999
        Affected: all Linux distributions using xmonisdn in conjunction
                  with old libc

______________________________________________________________________________

A security hole was discovered in the package mentioned above.
Please update as soon as possible or disable the service if you are using
this software on your SuSE Linux installation(s).

Other Linux distributions or operating systems might be affected as
well, please contact your vendor for information about this issue.

Please note, that that we provide this information on as "as-is" basis only.
There is no warranty whatsoever and no liability for any direct, indirect or
incidental damage arising from this information or the installation of
the update package.

______________________________________________________________________________

1. Problem Description

    xmonisdn which is part of the i4l package is installed setuid root
    by default.
    To control and display the status of the ISDN network connections
    xmonisdn uses external programs, which are executed by the system()
    systemcall, without taking care of a safe environment.
    The problem arises by old libc, that don't overwrite the IFS environment
    variable.

2. Impact

    By manipulating the IFS (or PATH) environment variable an attacker is
    able to execute his own programs with root privileges.

3. Solution

    A temporary fix:
      /bin/chmod u-s /usr/bin/xmonisdn

    Install the updated package, as soon as it is available from our
    ftp server.

______________________________________________________________________________

Webpage for patches:
        https://www.suse.com/de-de/

or try the following web pages for a list of mirrors:

        https://www.suse.com/de-de/
        
______________________________________________________________________________

Topics%20covered

Topics Covered

security advisory SuSE privilege escalation i4l package systemcall environment variable

References

Severity
critical
Lowest
Low
Medium
High
Critical


Warning: Undefined array key "block1" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/4047537_c1d2d4f425d79c8c327f2b8603847ec6 on line 11

Topics%20covered

Topics Covered

security advisory SuSE privilege escalation i4l package systemcall environment variable

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here