Vulnerability
bubblemon
Affected
All versions of BubbleMon up to 1.32
Description
Christer Duberg found the following. Users can execute programs or
shell scripts by clicking on the bubblemon application. bubblemon
is installed sgid kmem on FreeBSD and does not drop its egid
before executing programs, so those programs run with egid kmem.
Example:
$ id
uid=1000(christer) gid=1000(christer) groups=1000(christer)
$ bubblemon id
uid=1000(christer) gid=1000(christer) egid=2(kmem) groups=2(kmem), 1000(christer)
Solution
Get the new fixed version BubbleMon 1.32 from
http://www.ne.jp/asahi/linux/timecop
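The missing step, shown as an added example (this is not BubbleMon's code or its actual 1.32 fix): the child gives up its effective and saved group ID before exec, and refuses to exec if the drop cannot be verified. The function names drop_privileges and run_dropped are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently give up setgid/setuid privilege (real, effective and saved ids).
 * Returns 0 on success, -1 if the drop failed or could be undone. */
int drop_privileges(void)
{
    gid_t rgid = getgid(), old_egid = getegid();
    uid_t ruid = getuid();

    /* Group first: after the uid changes we may no longer be allowed to. */
    if (setregid(rgid, rgid) != 0) return -1;
    if (setreuid(ruid, ruid) != 0) return -1;

    if (getegid() != rgid || geteuid() != ruid) return -1;
    /* The old egid (kmem in the advisory) must not be recoverable. */
    if (old_egid != rgid && setegid(old_egid) == 0) return -1;
    return 0;
}

/* Run cmd via /bin/sh in a child that has dropped privileges first.
 * The parent keeps its egid; only the exec'd program loses it.
 * Returns the child's exit status, or -1 on error. */
int run_dropped(const char *cmd)
{
    int status;
    pid_t pid = fork();

    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_privileges() != 0) _exit(126); /* never exec while privileged */
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                             /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Installed sgid kmem, "id" here should no longer report egid=2(kmem). */
    printf("exit status: %d\n", run_dropped("id"));
    return 0;
}
```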