Originally Published: Saturday, 19 February 2000 Author: Derrick H. Lewis
Published to: news_enhance_security/Security News Page: 1/1 - [Printable]

ARCserve symlink vulnerability

An implementation fault in the ARCserve agent script allows local attackers to obtain root privileges and overwrite/insert data into arbitrary files.

   Page 1 of 1  

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

======================================================================

Network Associates, Inc. SECURITY ADVISORY February 15, 2000

ARCserve symlink vulnerability

======================================================================

SYNOPSIS

An implementation fault in the ARCserve agent script allows local attackers to obtain root privileges and overwrite/insert data into arbitrary files.

======================================================================

VULNERABLE HOSTS

This vulnerability has been confirmed and is known to be exploitable under Unixware 7.1.0

======================================================================

TECHNICAL DETAILS

A script responsible for starting up the ARCserve agent creates multiple world writeable statically named temp files. An attacker can remove these files and create symlinks to other files on the system allowing him to create root owned world writeable files or overwrite any file on the system. It is also possible for the attacker to insert any data he wishes to the files he overwrites due to the nature of the configuration/tempfile system.

======================================================================

COMMENTS

ARCserve agent is installed and running by default.

======================================================================

RESOLUTION

SCO has developed a patch to address this issue. More information is available at: http://www.sco.com/security.

======================================================================

CREDITS

Discovery and documentation of this vulnerability was conducted by Shawn Bracken at the Security Research Labs of Network Associates.

======================================================================

ABOUT THE NETWORK ASSOCIATES SECURITY LABS

The Security Labs at Network Associates hosts some of the most important research in computer security today. With over 30 security advisories published in the last 2 years, the Network Associates security research teams have been responsible for the discovery of many of the Internet's most serious security flaws. This advisory represents our ongoing commitment to provide critical information to the security community.

For more information about the Security Labs at Network Associates, see our website at http://www.nai.com or contact us at .

======================================================================

NETWORK ASSOCIATES SECURITY LABS PGP KEY

- - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGP 5.5.5

mQGiBDXGgDsRBADVOnID6BtEhKlm2cNalho28YP0JAh+J4iRUIaiWshzI0tc0KPc fvs+0xYwiqjxmeHi2sdIEPQ7S+ltA3Dlp6/DFojWBr2XB9hfWy4uiKBUHqnsKYnB Gpkh6nIx7DIwn+u0PXMXbJCG3LYf8daiPVdzC2VFtbRvJL4wZc6NLQViFQCg/9uS DuH/0NE6mO8Cu4iVrUT5Wk8D/ArOpV5T5yIuXHZO1/ZBVeHccVVvHe8wHK4D9WUs FsB8fgYLNgdFMMjtam7QQSBY/P1KKBzaFqZhkfS4WVMAFEy94NHXG+KTCPhXkZzp OPPqwWqZgfvOg0Bm20O/GhzQkB6JfFJqcfR87Ej0+fcDKrTTxAELWHGS7c9Qdn6P bfwHA/4oLNwYrtgWNkjGcG018Pu2jKT7YuP9zBTMu28IBiWdPLGL9Wle4d5cdDVx Es4iVl8FMtxlgTWCgMnBLS4nyM3pCn1HF+8Gi+IVKUXWCkqt/rtBMsrOMfrOgEIu BWnTZcTR7kcWtH7xDFNyZ47U4pElLXwATVDty/FczAJnpeht2LQyTmV0d29yayBB c3NvY2lhdGVzIFNlY3VyaXR5IExhYnMgPHNlY2xhYnNAbmFpLmNvbT6JAEsEEBEC AAsFAjXGgDsECwMCAQAKCRCheCy6j9WBEtgDAKDpYMwQZP0Ipx7X0ivnTxxJkA/W vACg4LZv0lmWqmnd7XCe4OIJ05aT6hK5Ag0ENcaAOxAIAPZCV7cIfwgXcqK61qlC 8wXo+VMROU+28W65Szgg2gGnVqMU6Y9AVfPQB8bLQ6mUrfdMZIZJ+AyDvWXpF9Sh 01D49Vlf3HZSTz09jdvOmeFXklnN/biudE/F/Ha8g8VHMGHOfMlm/xX5u/2RXscB qtNbno2gpXI61Brwv0YAWCvl9Ij9WE5J280gtJ3kkQc2azNsOA1FHQ98iLMcfFst jvbzySPAQ/ClWxiNjrtVjLhdONM0/XwXV0OjHRhs3jMhLLUq/zzhsSlAGBGNfISn CnLWhsQDGcgHKXrKlQzZlp+r0ApQmwJG0wg9ZqRdQZ+cfL2JSyIZJrqrol7DVeky CzsAAgIH/RZcJoRkhCf9O4Er+rciBNG3QqM3tek23oxGuVwqRxtGlGKuf+YaUDIA vZhARftupZYJf/+AM9pyjjsF7ON/Df5oIXXhqzrDySw47dNB3I1FG7vwAUBRfYgG NRP+zvf1nld+FgAXag1DIQteXYPtoMUJP8ZgvbELYVdZS2TapOHUv7r4rOY+UUjl U+FkQPp9KCNreaNux4NxwT3tzXl1KqqkliC8sYxvMCkJ+JO71TKGplO9dXsf3O8p 2r33+LngmLs4O7inrUlmAUKq3jmCK50J7RsZjd6PlK/0JwcjFkOZeYrxTguZzCR4 QYmo8nEHqEMSKQci0VUf9KH4lHf6xmGJAEYEGBECAAYFAjXGgDsACgkQoXgsuo/V gRK5LACgoAqLFk10kAMu6xb3ftO4+INJs14Ani+1hujlYRxYphN97c5ci8WtILNZ =L3C6 - - ----

-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.1 Comment: Crypto Provided by Network Associates

iQA/AwUBOKry8KF4LLqP1YESEQKuugCfVHdg3dIqQTf6p7PIjBKEhOfu4oYAoNwX d8IQhNZE4qWWr3l76aE8vxQs =T0a1 -----END PGP SIGNATURE-----





   Page 1 of 1