[Bioclusters] local root exploit in Platform LSF 5.1 (bugtraq link enclosed)

Rayson Ho bioclusters@bioinformatics.org
Thu, 22 May 2003 11:54:30 -0700 (PDT)


Thanks Chris,

If you see SGE or PBS security bugs, can you forward them to this
list?

Rayson


--- Chris Dagdigian <dag@sonsorol.org> wrote:
> 
> Excerpt:
> 
> > Impact: An attacker can gain root privilege by forcing the 'lsadmin'
> > 	binary to execute code of the attacker's choice. The 'lsadmin' binary
> > 	is setuid root.
> > 
> > 
> > Description:
> > 
> > The 'lsadmin' binary has a "ckconfig" command. It uses it to check the
> > correctness of config files. Right after it starts, it is using the
> > external 'lim' binary. It is using the LSF_SERVERDIR variable in the
> > lsf.conf file to obtain a path for the 'lim' binary. A regular user can
> > make his own lsf.conf file and, by using the LSF_ENVDIR variable, force
> > 'lsadmin' to use it instead of the default /etc/lsf.conf file. The
> > attacker can therefore point the LSF_SERVERDIR variable to his own 'lim'
> > binary. The attacker's 'lim' binary will be executed with setuid root
> > privileges.
> > 
> > 
> 
> URL:
> http://www.securityfocus.com/archive/1/322242/2003-05-19/2003-05-25/0
> 
> 
> 
> Regards,
> Chris
> 
> 
> -- 
> Chris Dagdigian, <dag@sonsorol.org>
> BioTeam Inc. - Independent Bio-IT & Informatics consulting
> Office: 617-666-6454, Mobile: 617-877-5498, Fax: 425-699-0193
> PGP KeyID: 83D4310E Yahoo IM: craffi Web: http://bioteam.net
> 
> _______________________________________________
> Bioclusters maillist  -  Bioclusters@bioinformatics.org
> https://bioinformatics.org/mailman/listinfo/bioclusters

