BID:51140

GNU Coreutils 'su - user -c program' Local Privilege Escalation Vulnerability

Info

GNU Coreutils 'su - user -c program' Local Privilege Escalation Vulnerability

Bugtraq ID:	51140
Class:	Design Error
CVE:	CVE-2005-4890
Remote:	No
Local:	Yes
Published:	Nov 12 2005 12:00AM
Updated:	Nov 12 2005 12:00AM
Credit:	Russell Coker
Vulnerable:	GNU Coreutils 5.2.1 GNU Coreutils 5.2 GNU Coreutils 5.1.3 GNU Coreutils 5.1.2 GNU Coreutils 5.1.1 GNU Coreutils 5.1 GNU Coreutils 5.0.91 GNU Coreutils 5.0.90 GNU Coreutils 5.0.1 GNU Coreutils 5.0 + Mandriva Linux Mandrake 9.2 amd64 + Mandriva Linux Mandrake 9.2 + Mandriva Linux Mandrake 9.2 GNU Coreutils 4.5.12 GNU Coreutils 4.5.11 GNU Coreutils 4.5.10 GNU Coreutils 4.5.9 GNU Coreutils 4.5.8 GNU Coreutils 4.5.7 + Mandriva Linux Mandrake 9.2 amd64 + Mandriva Linux Mandrake 9.2 + Mandriva Linux Mandrake 9.1 ppc + Mandriva Linux Mandrake 9.1 ppc + Mandriva Linux Mandrake 9.1 + Mandriva Linux Mandrake 9.1 GNU Coreutils 4.5.6 GNU Coreutils 4.5.5 GNU Coreutils 4.5.4 GNU Coreutils 4.5.3 + Redhat Linux 9.0 i386 GNU Coreutils 4.5.2 GNU Coreutils 4.5.1 GNU Coreutils 8.1

Not Vulnerable:

Discussion

GNU Coreutils 'su - user -c program' Local Privilege Escalation Vulnerability

GNU Coreutils is prone to a local privilege-escalation vulnerability.

Local attackers can exploit this issue to execute arbitrary commands with elevated privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

Exploit / POC

GNU Coreutils 'su - user -c program' Local Privilege Escalation Vulnerability

An attacker can use readily available command-line utilities to exploit this issue.

Solution / Fix

GNU Coreutils 'su - user -c program' Local Privilege Escalation Vulnerability

Solution:
Updates and an advisory are available. Please see the references for more information.

References

GNU Coreutils 'su - user -c program' Local Privilege Escalation Vulnerability

References:

Coreutils Homepage (GNU)