MTools MFormat Privilege Escalation Vulnerability
BID:9746
Info
MTools MFormat Privilege Escalation Vulnerability
| Bugtraq ID: | 9746 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 25 2004 12:00AM |
| Updated: | Feb 25 2004 12:00AM |
| Credit: | Discovery of this issue is credited to Sebastian Krahmer. |
| Vulnerable: |
MTools MTools 3.9.9 MTools MTools 3.9.8 MTools MTools 3.9.7 MTools MTools 3.9.6 MTools MTools 3.9.5 MTools MTools 3.9.4 MTools MTools 3.9.3 MTools MTools 3.9.2 MTools MTools 3.9.1 |
| Not Vulnerable: | |
Discussion
MTools MFormat Privilege Escalation Vulnerability
It has been reported that mformat is prone to a privilege escalation vulnerability when installed as a setUID application. This issue is due to a design error allowing a user to create any arbitrary files as the root user.
A local attacker could exploit this issue by forcing the creation of sensitive system files that already exist. When the application formats the specified files, the target system file will be overwritten, destroying sensitive system data. Since the files that are given permissions 0666 and owned by root, the attacker may alter overwritten system configuration files, allowing for a escalation of privileges.
It has been reported that mformat is prone to a privilege escalation vulnerability when installed as a setUID application. This issue is due to a design error allowing a user to create any arbitrary files as the root user.
A local attacker could exploit this issue by forcing the creation of sensitive system files that already exist. When the application formats the specified files, the target system file will be overwritten, destroying sensitive system data. Since the files that are given permissions 0666 and owned by root, the attacker may alter overwritten system configuration files, allowing for a escalation of privileges.
Exploit / POC
MTools MFormat Privilege Escalation Vulnerability
No exploit is required to leverage this issue. The following proof of concept exploit has been supplied by [email protected]:
No exploit is required to leverage this issue. The following proof of concept exploit has been supplied by [email protected]:
Solution / Fix
MTools MFormat Privilege Escalation Vulnerability
Solution:
Mandrake has released advisory MDKSA-2004:016 dealing with this issue.
Fixes:
MTools MTools 3.9.9
Solution:
Mandrake has released advisory MDKSA-2004:016 dealing with this issue.
Fixes:
MTools MTools 3.9.9
-
Mandrake mtools-3.9.9-2.1.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64:
http://www.mandrakesecure.net/en/ftp.php -
Mandrake mtools-3.9.9-2.1.92mdk.i586.rpm
Mandrake Linux 9.2:
http://www.mandrakesecure.net/en/ftp.php