The k5su utility contains a flaw that may allow a local user to gain access to unauthorized privileges. The issue is triggered when a local user who does not have 'wheel' group membership executes k5su and enters the root password. This flaw results in complete control of the host by the attacker.
Classification
Location:
Local Access Required
Attack Type:
Authentication Management
Impact:
Loss of Confidentiality,
Loss of Integrity,
Loss of Availability
Exploit:
Exploit Public
Disclosure:
OSVDB Verified
Technical
The user must have the root password to complete this exploit. Also note that k5su is part of the Kerberos 5 package, which is not included in a default FreeBSD installation.
Solution
Currently, there are no known upgrades or patches to correct this issue. It is possible to disable k5su by removing the suid bit. The suid for k5su is removed by default in subsequent releases as well as in the STABLE branch after 2002-05-15.
This product uses the Daylife API but is not endorsed or certified by Daylife.
This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.
hotmail.com -
