Summary

Some BoKS setuid programs accept debug configuration from command line options in an insecure way

Issue

The BoKS SSH client program uses a setuid helper program called boks_gethostkey to fetch SSH public keys stored in BoKS. This program allows both the debug level and the debug file location to be set from the command line. Because the helper runs with elevated privileges, an unprivileged user can direct its debug output at an arbitrary path and thereby overwrite system files.

Other BoKS setuid programs, tcpcrypt, suexec and xdl, allow the debug level, but not the debug file location, to be specified from the command line. Although this is not necessarily insecure, it may leak information not intended for unprivileged users.

Resolution / Workaround

Install hotfix HFBM-0025 from the HelpSystems Community Portal.

This hotfix includes modified versions of the setuid programs that only allow debug configuration to be set by the administrator, using the bdebug program.

Alternatively, this issue can be resolved by upgrading to BoKS Manager / BoKS Server Agent for Unix / Linux 6.7.


Last Modified On: May 25, 2018