Vulnerability
  sadc(1M) (/usr/lib/sa/sadc)
  Supplied with SYS V accounting utilities

Affected
  SCO Unix System V/386 Release 3.2 Versions 4.2, 4.1, and 4.0 (suid root)
  SCO Open Desktop Lite Release 3.0 (suid root)
  SCO Open Desktop Release 3.0 and 2.0 (suid root)
  SCO Open Server Network System Release 3.0 (suid root)
  SCO Open Server Enterprise System Release 3.0 (suid root)
  SVR4/i386 4.0.3 (sgid sys)
  A/UX 2.0.1 (sgid sys)

Description
  sadc(1M) can be used to create files in normally unwritable directories.
  sadc normally runs with egid sys, and can therefore be used to create files
  in directories writable by group sys. SCO's sadc runs with euid root, and can
  therefore be used to create files anywhere on the filesystem.

Solution
  Contact your vendor for a fix. In the meantime, limit access to sadc by
  changing the mode on /usr/lib/sa.
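
The shell functions below are an added audit example, not part of the advisory: they report whether a sadc binary still carries the set-id bit described above and whether its directory is still open to other users. The function names, the result strings, and the reading of "limit access" as removing the others' search bit on the directory are assumptions.

```shell
#!/bin/sh
# Added audit example (not from the advisory).
# Usage: sadc_exposure [dir]   dir defaults to /usr/lib/sa, the path the advisory names.

# has_perm PATH MODE: succeeds if every bit in octal MODE is set on PATH itself.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# Prints one of:
#   absent            no sadc in the directory
#   unprivileged      sadc present, neither setuid nor setgid
#   exposed:suid|sgid privileged sadc, directory searchable by other users
#   restricted:...    privileged sadc, directory closed to other users
sadc_exposure() {
    dir=${1:-/usr/lib/sa}
    bin=$dir/sadc

    [ -f "$bin" ] || { echo "absent"; return 0; }

    # sgid is the SVR4 / A/UX case, suid is the SCO case; suid wins if both are set.
    priv=none
    has_perm "$bin" 2000 && priv=sgid
    has_perm "$bin" 4000 && priv=suid
    if [ "$priv" = none ]; then
        echo "unprivileged"
        return 0
    fi

    # Assumption: the interim mitigation means other users can no longer
    # search the directory, so they cannot reach the binary to run it.
    if has_perm "$dir" 0001; then
        echo "exposed:$priv"
    else
        echo "restricted:$priv"
    fi
}
```

Source the file and call `sadc_exposure` with no argument to check the default path, or pass another directory when auditing a mounted image.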