=============================================================================
          [8lgm]-Advisory-23.UNIX.SunOS-loadmodule.2-Jan-1995

PROGRAM:

        /usr/lib/loadmodule

VULNERABLE VERSIONS:

        SunOS 4.1.* & Openwindows 3 with latest loadmodule patch.

DESCRIPTION:

        loadmodule uses system(3) to find the architecture of
        the machine.

IMPACT:

        Local users can obtain root access.

REPEAT BY:

        A program to exploit this vulnerability is available as of now.
        This program has been tested with the latest Sun patch.  To obtain
        this program, send mail to 8lgm-fileserver@8lgm.org, with a line
        in the body of the message containing:-

        SEND load.root

DISCUSSION:

        Using system(3) in setuid programs is bad practice.  Sun's patch
        attempted to make this safe by reseting IFS before the call.
        Unfortunately, the patch does not do a thorough enough job.

FIX:

        Contact vendor for fix.

STATUS UPDATE:

        The file:

        [8lgm]-Advisory-23.UNIX.SunOS-loadmodule.2-Jan-1995.README

        will be created on www.8lgm.org.  This will contain updates on
        any further versions which are found to be vulnerable, and any
        other information received pertaining to this advisory.

-----------------------------------------------------------------------

FEEDBACK AND CONTACT INFORMATION:

        majordomo@8lgm.org      (Mailing list requests - try 'help'
                                 for details)

        8lgm@8lgm.org           (Everything else)

8LGM FILESERVER:

        All [8LGM] advisories may be obtained via the [8LGM] fileserver.
        For details, 'echo help | mail 8lgm-fileserver@8lgm.org'

8LGM WWW SERVER:

        [8LGM]'s web server can be reached at http://www.8lgm.org.
        This contains details of all 8LGM advisories and other useful
        information.
===========================================================================