COMMAND

    /sbin/dump

SYSTEMS AFFECTED

    Linux RedHat 2.1 distribution

PROBLEM

    There is a security hole in RedHat 2.1, which installs
    /sbin/dump suid root.  The dump program makes no provisions for
    checking file permissions, allowing any user on the system to
    read arbitrary files on the system.  Dump checks permissions only
    on the directory you specify to back up, and not on files or
    subdirectories.  The process to exploit this is to back up the
    files via dump as if it were a normal backup to a temporary file,
    and then restore the temporary file with /sbin/restore to your
    own directory.

    Author: Dave M. (davem@cmu.edu)

    Exploit:

    $ /sbin/dump 0uf woot.dump DIRECTORY_FILE_TO_READ_IS_IN

SOLUTION

    The solution is simple: don't run dump suid root on your system.

        chmod -s /sbin/dump
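
    The fix above as a checkable step, written as an added example (not
    part of the original advisory): it reports whether a binary carries
    the setuid or setgid bit, clears it, and confirms the bit is gone.
    The function names has_suid and strip_suid are hypothetical.

```shell
#!/bin/sh
# Added example, not from the advisory: audit and clear setuid/setgid bits.
# Paths are taken from the command line; the advisory's target is /sbin/dump.

# has_suid FILE: succeeds if FILE is a regular file with setuid or setgid set.
has_suid() {
    [ -f "$1" ] && { [ -u "$1" ] || [ -g "$1" ]; }
}

# strip_suid FILE...: clears the bits where set and reports each outcome.
# Returns non-zero if any file still carries a bit afterwards.
strip_suid() {
    rc=0
    for f in "$@"; do
        if ! [ -e "$f" ]; then
            echo "skip:   $f (not present)"
            continue
        fi
        if has_suid "$f"; then
            echo "found:  $(ls -l "$f")"
            # Same effect as the advisory's 'chmod -s', with the scope explicit.
            chmod ug-s "$f" 2>/dev/null || true
            if has_suid "$f"; then
                echo "FAILED: $f still setuid/setgid (not running as root?)"
                rc=1
            else
                echo "fixed:  $f"
            fi
        else
            echo "ok:     $f"
        fi
    done
    return $rc
}

# Only act when paths are given, so sourcing the file has no side effects.
if [ "$#" -gt 0 ]; then
    strip_suid "$@"
fi
```

    Run it as root with /sbin/dump as the argument; a second run should
    print "ok" for the same path.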