Summary

A user could gain root user id or root group id privileges from su, suexec or kslog operations instead of the intended non-root privileges.

Issue

A missing check in su (on non-PAM platforms), suexec and kslog on the result of setuid / setgid meant that, if the call failed, the program continued with its existing privileges, so a user could gain root user id or root group id privileges when the intention was to grant the privileges of a non-root user.

Resolution / Workaround

Install the hotfix HFBM-0030, available for download from the HelpSystems Community Portal.

This hotfix causes these programs to check the return values from these functions and exit with an error code and an error message if they fail.
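The missing check described above, as an added C example that is not BoKS code: drop_privileges_unchecked shows the pattern the advisory describes (return values from setgid/setuid discarded), and drop_privileges_checked the form the hotfix introduces (check every return value and stop on failure). Both function names are hypothetical, and the target ids in main are the caller's own so the program runs without root.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Pattern the advisory describes: the results of setgid()/setuid() are
 * discarded, so when a call fails (e.g. EPERM) the program simply keeps
 * running with the ids it already had. In a setuid-root helper such as
 * su or suexec that means root instead of the intended target user.
 * Returns 1 if the process is still running with its original uid. */
int drop_privileges_unchecked(uid_t uid, gid_t gid)
{
    uid_t before = geteuid();
    setgid(gid);            /* return value ignored */
    setuid(uid);            /* return value ignored */
    /* execution continues whether or not the calls succeeded */
    return geteuid() == before && before != uid;
}

/* Hardened form, matching what the hotfix is described as doing: check
 * each return value and refuse to continue on failure. It also confirms
 * with getuid()/getgid() that the kernel now reports the requested ids.
 * Returns 0 on success, -1 on any failure; the caller must exit, not
 * carry on. (A real setuid-root program should also call setgroups()
 * while still root to clear supplementary groups; omitted here so the
 * example runs unprivileged.) */
int drop_privileges_checked(uid_t uid, gid_t gid)
{
    /* group first: once the uid is non-root, setgid() would be refused */
    if (setgid(gid) != 0) {
        fprintf(stderr, "setgid(%lu) failed: %s\n",
                (unsigned long)gid, strerror(errno));
        return -1;
    }
    if (setuid(uid) != 0) {
        fprintf(stderr, "setuid(%lu) failed: %s\n",
                (unsigned long)uid, strerror(errno));
        return -1;
    }
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        fprintf(stderr, "privilege drop did not take effect\n");
        return -1;
    }
    return 0;
}

int main(void)
{
    /* target ids are the caller's own, so this succeeds without root */
    if (drop_privileges_checked(getuid(), getgid()) != 0)
        return 1;
    printf("running as uid %lu gid %lu\n",
           (unsigned long)geteuid(), (unsigned long)getegid());
    return 0;
}
```

Run as an unprivileged user, drop_privileges_checked(0, 0) fails at setgid() and returns -1, whereas drop_privileges_unchecked(0, 0) silently carries on with the caller's ids, which is exactly the behaviour the hotfix removes.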

Note that this issue also affects:

  • BoKS Server Agent - Unix/Linux 6.6.2
  • BoKS Manager 6.7.0
  • BoKS Manager 6.6.2
  • BoKS Server Agent - Unix/Linux 6.7.0
  • BoKS Server Agent - Unix/Linux 6.6.1
  • BoKS Manager 6.6.1


Last Modified On: May 25, 2018