Description:
SuSE Linux is an open-source Linux system.
SuSE Linux File properties checks for the existence of loopholes, local attacker could exploit this vulnerability to read sensitive information from unauthorized.
Group 3 bundled with SuSE Linux pre-defined privileges, which are easy, secure and paranoid.The bundled package chkstat permissions process can check and choose one of these permissions level.easy class to the default level, allowing some fully writable directory, / usr / src / packages / RPMS and subdirectories is one of them.To prevent a malicious user behavior, such as links to / etc / shadow, chkstat not check count! = 1 symbolic link or hard link files.But there are loopholes in the inspection.Malicious user can modify the location of chkstat placed in / etc / shadow of the hard links, so that you can access the file.chkstat does not check the file because it is the hard link count of 2.However, if the administrator changes the user database, they would remove and replace the original / etc / shadow.This means that a malicious user to create a hard link count of the files may be reduced to 1.Then chkstat will modify the file permissions can be read by anyone.So technically, chkstat may modify file permissions security.
Affected system:
S.u.S.E. Linux Enterprise Server 8
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux 9.3
S.u.S.E. Linux 9.2
S.u.S.E. Linux 9.1
S.u.S.E. Linux 9.0
S.u.S.E. Linux 10.0
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SLES 9
Patch Download:
SuSE has released a Security Bulletin for this (SUSE-SA: 2005:062) and the corresponding patch:
SUSE-SA: 2005:062: permissions
Links: http://www.novell.com/linux/security/advisories/2005_62_permissions.html