> DESCRIPTION:
> I found a buffer overflow vulnerability in /usr/bin/dsh (dqs 3.2.7
> package).
>
> I really don't know if this bug was discovered already. If that's right,
> then sorry =).

No, this is yet unknown to [EMAIL PROTECTED]

> If a long line on the first argument is given, the program gives a SIGSEGV
> signal.
>
> This bug was reported to Drake Diedrich, Maintainer for dqs
> ([EMAIL PROTECTED]).
>
> AFFECTED:
> SuSE 6.3, 6.4, 7.0 have the dqs 3.2.7 by default and then they are
> vulnerable, maybe others.

I confirm this vulnerability and that dqs has the setuid bit on the file
/usr/bin/dsh, but the package (as a package in the clustering series) is
not installed by default.
The fix (to remove the suid bit) is correct. If you have selected to set
the variable PERMISSION_SECURITY in /etc/rc.config to "secure local" in
SuSE-7.1 (recommended for security-enhanced settings), you are not
vulnerable. On SuSE-7.1, in addition to the chmod command below, change
the files /etc/permissions.*, too, to reflect the removed suid bit.
If you do not need the dqs package, simply remove it using the command

    rpm -e dqs

Of course, we will provide update packages as soon as possible.

> FIX:
> Remove the SUID permission
> |root@netdex /root|# ls -la /usr/bin/dsh
> -rwsr-xr-x 1 root root 502748 May 18 00:36 /usr/bin/dsh
> |root@netdex /root|# chmod -s /usr/bin/dsh
> |root@netdex /root|# ls -la /usr/bin/dsh
> -rwxr-xr-x 1 root root 502748 May 18

Regards,
Roman Drahtmüller,
SuSE Security.
--
- -
| Roman Drahtmüller <[EMAIL PROTECTED]> "Caution: Cape does not |
SuSE GmbH - Security enable user to fly."
| Nürnberg, Germany (Batman Costume warning label) |
- -
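
The check below is an added example and not part of the original thread: it verifies both halves of the fix discussed above, that /usr/bin/dsh no longer carries the setuid bit and that no /etc/permissions.* entry still lists a setuid mode for it. The function names and the entry layout "<path> <owner>.<group> <octal mode>" are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: each /etc/permissions.* entry
# reads "<path> <owner>.<group> <octal mode>"; lines starting with "#" are comments.

# stale_entries PATH FILE...
# Print every entry for PATH whose mode still carries the setuid bit.
stale_entries() {
    se_path=$1
    shift
    for se_file in "$@"; do
        [ -r "$se_file" ] || continue
        awk -v want="$se_path" -v src="$se_file" '
            /^[ \t]*#/ || NF < 3 { next }
            # Setuid is bit 4 of the fourth octal digit counted from the right.
            $1 == want && length($3) >= 4 &&
                substr($3, length($3) - 3, 1) ~ /^[4-7]$/ { print src ": " $0 }
        ' "$se_file"
    done
}

# audit_setuid PATH FILE...
# Return 0 only when the binary has no setuid bit and no listed entry has one.
audit_setuid() {
    au_path=$1
    shift
    au_status=0
    if [ -u "$au_path" ]; then
        echo "setuid bit still set on $au_path"
        au_status=1
    fi
    au_stale=$(stale_entries "$au_path" "$@")
    if [ -n "$au_stale" ]; then
        echo "entries still listing a setuid mode:"
        echo "$au_stale"
        au_status=1
    fi
    return "$au_status"
}

# Usage: sh check-suid.sh /usr/bin/dsh /etc/permissions.*
[ "$#" -eq 0 ] || audit_setuid "$@"
```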