Summary

Adding a malformed Access Route to a User Class allows members to execute any program

Issue

Adding an Access Route to a User Class with any of the following formats:

  • SUEXEC:$USER@*->root@*
  • SUEXEC$USER@*->username
  • SUEXEC$USER@*->username@HOSTGROUP

gives any user in that Class rights to run any program as root, when it should in fact give no suexec access at all.

Resolution / Workaround

Install hotfix HFBM-0027, available for download from the HelpSystems Community Portal.

With this hotfix applied, these malformed Access Routes no longer give access.

Alternatively, you can resolve this issue by upgrading to BoKS Manager / BoKS Server Agent for Unix / Linux 6.7.

Note that this issue also affects:

  • BoKS Server Agent - Unix/Linux 6.6.2
  • BoKS Server Agent - Unix/Linux 6.6.1
  • BoKS Manager 6.6.1


Last Modified On: May 25, 2018