From shok@cannabis.dataforce.net Fri Dec 24 02:26:40 1999
From: Matt Conover
Resent-From: mea culpa
To: BUGTRAQ@SECURITYFOCUS.COM
Resent-To: jericho@attrition.org
Date: Fri, 12 Nov 1999 09:18:07 +0300
Subject: [w00giving '99 #3, w00news] UnixWare 7's /var/sadm

w00w00 Security Development (WSD)
http://www.w00w00.org/advisories.html

---------------------------------------------------------------------------

Relocation of w00w00.org:

After being relocated, http://www.w00w00.org is up and running. Although we are using an old backup of the site (off the mirror), we have added a new w00bio and w00giving (advisories) section. When we receive the newest backup of the site, we'll finish updating (notice all the new w00quotes!). You can find our bio, articles, code/projects, and advisories on the site. Send us your input.

Note on w00w00:

At 30+ active members (in seven countries, three continents, and twelve US states), w00w00 has grown into the world's largest non-profit security team. Of course, we love our nearest competitors, Cult of the Dead Cow (CDC), at 22-23 members. [The largest for-profit security team that I am aware of is ISS's X-Force.]

---------------------------------------------------------------------------

Discovered by: ktwo (ktwo@ktwo.ca)

When patches/fixes are applied to binaries on UnixWare 7, the original, unpatched binary files (with the suid/sgid bits maintained) are stored in /var/sadm. By default, the permissions on this directory are 755. This allows normal users to execute and exploit old binaries left over from patching.

---------------------------------------------------------------------------

Patch:

Run 'chmod o-rx /var/sadm' to remove read/execution privileges for normal users.
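As an added example (not part of the w00w00 advisory), the POSIX shell script below audits a patch-backup directory for leftover setuid/setgid files and reports whether the directory's "other" permission bits let ordinary users reach them; with the `fix` argument it applies the advisory's `chmod o-rx`. Note that the chmod only blocks traversal of the directory: the setuid/setgid bits on the saved copies stay set, which is why the audit lists them so an administrator can decide whether to strip those bits too. The function names and the demo directory (a temporary stand-in for /var/sadm with one constructed setuid file) are assumptions of this example; the check itself applies to any directory, not only /var/sadm.

```shell
#!/bin/sh
# Added example: audit a patch-backup directory (such as /var/sadm) for
# leftover privileged binaries and for world-reachable directory permissions.
# Usage: audit_sadm_dir /var/sadm          # report only
#        audit_sadm_dir /var/sadm fix      # report, then chmod o-rx

# List regular files under $1 that carry the setuid or setgid bit.
list_privileged_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Return the number of such files (0 when the directory is clean).
count_privileged_files() {
    list_privileged_files "$1" | wc -l | tr -d ' '
}

# Print "exposed" if "other" has read or execute on the directory itself,
# otherwise "restricted". ls -ld is used because stat(1) formats differ
# between GNU and BSD; characters 8-10 of the mode string are the other bits.
dir_other_access() {
    mode=$(ls -ld "$1" | cut -c8-10)
    case "$mode" in
        *r*|*x*) echo exposed ;;
        *)       echo restricted ;;
    esac
}

# Report the findings; apply the advisory's fix when asked to.
audit_sadm_dir() {
    dir="$1"
    action="${2:-check}"
    n=$(count_privileged_files "$dir")
    access=$(dir_other_access "$dir")
    echo "$dir: $n setuid/setgid file(s); directory is $access to other users"
    if [ "$n" -gt 0 ]; then
        # Show exactly which saved binaries still carry privilege bits.
        list_privileged_files "$dir" | sed 's/^/  privileged: /'
    fi
    if [ "$access" = exposed ] && [ "$action" = fix ]; then
        chmod o-rx "$dir"
        echo "$dir: applied chmod o-rx"
    fi
}

# Constructed demo data: a temporary directory standing in for /var/sadm,
# world-readable (755) like the default described in the advisory, holding
# one setuid file (the "old binary") and one ordinary file. Prints its path.
demo_setup() {
    d=$(mktemp -d)
    mkdir -p "$d/pkg/save"
    : > "$d/pkg/save/old_binary"
    chmod 4755 "$d/pkg/save/old_binary"
    : > "$d/pkg/save/notes.txt"
    chmod 0644 "$d/pkg/save/notes.txt"
    chmod 755 "$d"
    echo "$d"
}

# Run the whole demo: set up, audit with fix, show the result, clean up.
demo() {
    d=$(demo_setup)
    audit_sadm_dir "$d" fix
    audit_sadm_dir "$d"
    rm -rf "$d"
}
```

On a real host, run `audit_sadm_dir /var/sadm` as root first to see what is there; the `fix` form is the advisory's one-line change and is safe to repeat.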
---------------------------------------------------------------------------

Contributors to w00giving '99: awr, jobe, Sangfroid, rfp, vacuum, interrupt, dmess0r, marc, kitekoa, and K2

People who deserve hellos: nocarrier, minus, daveg, nny, dark spyrit (and beavuh), and blakew

w00giving '99 advisories are being archived by kitekoa at:
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Fest/\
w00giving99[1-3].htm.