Orville Write Environment Variable Privilege Escalation Vulnerability - Secunia Advisories - Vulnerability Intelligence

Orville Write Environment Variable Privilege Escalation Vulnerability
Secunia Advisory:	SA9085	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2003-06-20
Popularity:	7,532 views

Critical:	Less critical
Impact:	Privilege escalation
Where:	Local system
Solution Status:	Vendor Patch

OS:	Debian GNU/Linux 3.0 Debian GNU/Linux unstable alias sid

Software:	Orville write 2.x

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2003-0441

Description: Debian has reported a vulnerability in Orville write, which can be exploited by malicious, local users to escalate their privileges on a vulnerable system. The vulnerability is caused due to a boundary error in the handling of multiple environment variables (eg. "HOME"). This may be exploited to cause a buffer overflow and execute arbitrary code with higher privileges than intended. A malicious person may gain "root" privileges or group "tty" privileges depending on the configuration selected during installation. Solution: Update to version 2.54: http://www.unixpapa.com/software/orville-write-2.54.tar.gz Debian has issued updated packages: -- Debian GNU/Linux 3.0 alias woody -- Source archives: http://security.debian.org/pool/updat...-write/orville-write_2.53-4woody1.dsc Size/MD5 checksum: 589 170c84e5c499f942ca625cb0f10e2bbe http://security.debian.org/pool/updat...te/orville-write_2.53-4woody1.diff.gz Size/MD5 checksum: 4882 f9147a6f6c6d69e954d024fbaf789ecf http://security.debian.org/pool/updat...-write/orville-write_2.53.orig.tar.gz Size/MD5 checksum: 75717 9dafdab825157df8377ce67a3c0eb2a5 Alpha architecture: http://security.debian.org/pool/updat.../orville-write_2.53-4woody1_alpha.deb Size/MD5 checksum: 63424 aa2124137efcafbf9baceb196a942564 ARM architecture: http://security.debian.org/pool/updat...te/orville-write_2.53-4woody1_arm.deb Size/MD5 checksum: 52108 89c8970e2523fe6a98a053ae9bb1e997 Intel IA-32 architecture: http://security.debian.org/pool/updat...e/orville-write_2.53-4woody1_i386.deb Size/MD5 checksum: 51938 fb5d8e11b58013abd377e9425a8aab39 Intel IA-64 architecture: http://security.debian.org/pool/updat...e/orville-write_2.53-4woody1_ia64.deb Size/MD5 checksum: 71988 df14d6a8f997ceec1acb348a8cb92b56 HP Precision architecture: http://security.debian.org/pool/updat...e/orville-write_2.53-4woody1_hppa.deb Size/MD5 checksum: 58534 b384d176de75d907dd08e723f701d6ed Motorola 680x0 architecture: http://security.debian.org/pool/updat...e/orville-write_2.53-4woody1_m68k.deb Size/MD5 checksum: 51098 ac0307daa1d4c6abfe7810a85fd49589 Big endian MIPS architecture: http://security.debian.org/pool/updat...e/orville-write_2.53-4woody1_mips.deb Size/MD5 checksum: 57830 4507261a670f4c50605bb84170a705b2 Little endian MIPS architecture: http://security.debian.org/pool/updat...orville-write_2.53-4woody1_mipsel.deb Size/MD5 checksum: 57154 130d5d0d7e6d55145fe690f0de7d2a8e PowerPC architecture: http://security.debian.org/pool/updat...rville-write_2.53-4woody1_powerpc.deb Size/MD5 checksum: 51760 20d239c6aca202dc4a5bec07ba772219 IBM S/390 architecture: http://security.debian.org/pool/updat...e/orville-write_2.53-4woody1_s390.deb Size/MD5 checksum: 54224 cb98e4b5fff39313b865978647f74ee5 Sun Sparc architecture: http://security.debian.org/pool/updat.../orville-write_2.53-4woody1_sparc.deb Size/MD5 checksum: 60146 a5714352ef8e50bdbede1600afce7041 -- Debian GNU/Linux unstable alias sid -- Reportedly, this will be fixed soon. Provided and/or discovered by: Steve Kemp Original Advisory: http://www.debian.org/security/2003/dsa-326

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

2nd Dec, 2008

New advisories:	14
New vulnerabilities:	21
Updated advisories:	26

Less // 373 views

Linksys WRT160N Cross-Site Scripting Vulnerability

Less // 355 views

IBM Rational ClearQuest Multiple Vulnerabilities

Not // 280 views

Debian update for flamethrower

Not // 272 views

flamethrower Insecure Temporary Files

Less // 327 views

IBM Rational ClearCase Cross-Site Scripting Vulnerability

Not // 313 views

DAHDI "ZT_SPANCONFIG" IOCTL Privilege Escalation Vulnerability

Not // 312 views

Zaptel "ZT_SPANCONFIG" IOCTL Privilege Escalation Vulnerabilities

Moderately // 298 views

Rumpus Multiple Vulnerabilities

Less // 317 views

bcoos "cid" SQL Injection Vulnerability

Moderately // 331 views

ASP Portal "ASPPortal.mdb" Database Disclosure Security Issue

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.