From:	IN%"8lgm@8lgm.org"  "[8LGM] Security Team" 13-SEP-1995 03:31:14.20
To:	IN%"security-alert@sun.com", IN%"8lgm-advisories@8lgm.org"
CC:	
Subj:	[8lgm]-Advisory-23.UNIX.SunOS-loadmodule.2-Jan-1995

=============================================================================
 Virtual Domain Hosting Services provided by The FOURnet Information Network
              mail webserv@FOUR.net or see http://www.four.net
=============================================================================
	  [8lgm]-Advisory-23.UNIX.SunOS-loadmodule.2-Jan-1995
 
PROGRAM:
 
        /usr/lib/loadmodule
 
VULNERABLE VERSIONS:
 
        SunOS 4.1.* & Openwindows 3 with latest loadmodule patch.
 
DESCRIPTION:
 
	loadmodule uses system(3) to find the architecture of
	the machine.
 
IMPACT:
 
        Local users can obtain root access.
 
REPEAT BY:
 
        A program to exploit this vulnerability is available as of now.
        This program has been tested with the latest Sun patch.  To obtain
        this program, send mail to 8lgm-fileserver@8lgm.org, with a line
        in the body of the message containing:-
 
        SEND load.root
 
DISCUSSION:
 
        Using system(3) in setuid programs is bad practice.  Sun's patch
	attempted to make this safe by reseting IFS before the call.
	Unfortunately, the patch does not do a thorough enough job.
 
FIX:
 
        Contact vendor for fix.
 
STATUS UPDATE:
 
        The file:
 
        [8lgm]-Advisory-23.UNIX.SunOS-loadmodule.2-Jan-1995.README
 
        will be created on www.8lgm.org.  This will contain updates on 
        any further versions which are found to be vulnerable, and any
        other information received pertaining to this advisory.
 
-----------------------------------------------------------------------
 
FEEDBACK AND CONTACT INFORMATION:
 
        majordomo@8lgm.org      (Mailing list requests - try 'help'
                                 for details)
 
        8lgm@8lgm.org           (Everything else)
 
8LGM FILESERVER:
 
        All [8LGM] advisories may be obtained via the [8LGM] fileserver.
        For details, 'echo help | mail 8lgm-fileserver@8lgm.org'
 
8LGM WWW SERVER:
 
        [8LGM]'s web server can be reached at http://www.8lgm.org.
        This contains details of all 8LGM advisories and other useful
        information.
===========================================================================
-- 
-----------------------------------------------------------------------
$ echo help | mail 8lgm-fileserver@8lgm.org  (Fileserver help)
majordomo@8lgm.org                           (Request to be added to list)
8lgm@8lgm.org                                (General enquiries)
******* VISIT 8LGM ON THE WORLD WIDE WEB: http://www.8lgm.org ********