COMMAND

    /usr/bin/suidexec

SYSTEMS AFFECTED

    Linux Debian 2.0

PROBLEM

    Thomas Roessler found the following.  /usr/bin/suidexec (part of
    the suidmanager package) will execute arbitrary commands as root as
    soon as just _one_ setuid-root shell script can be found  on  the
    system.  Just invoke:

        /usr/bin/suidexec <your program> /path/to/script

    It will happily execute your program with  euid = 0,  which  is
    completely sufficient for doing arbitrary damage to the system.

    Additionally, suidexec fails with shells which close all but  the
    "standard" file descriptors on startup:  /proc/self/fd/<N>  (the
    file descriptor suidexec has opened for the shell script in
    question) will have vanished by the time the shell looks for  it.
    This may be considered a feature, as it avoids some of the standard
    $HOME/.cshrc related exploits.
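    The following audit script is an added example and is  not  part
    of the original advisory or of the suidmanager package.  It checks
    the two conditions that make the problem above exploitable: that a
    setuid suidexec binary is installed, and that at least one setuid-
    root script (a setuid file whose first two bytes are "#!") exists
    on the system.  The script path, function names and the  optional
    OWNER argument are this example's own choices.

```shell
#!/bin/sh
# suidexec_audit.sh -- added example, not part of the advisory or of
# suidmanager.  Checks the two preconditions for the suidexec problem:
# a setuid suidexec binary, and at least one setuid-root script.
# Paths, function names and arguments are this example's own choices.

# Report whether a suidexec binary exists and carries the setuid bit.
# Prints "present-setuid", "present-nosuid" or "absent".
check_suidexec() {
    bin=${1:-/usr/bin/suidexec}
    if [ ! -e "$bin" ]; then
        echo absent
    elif [ -u "$bin" ]; then
        echo present-setuid
    else
        echo present-nosuid
    fi
}

# List regular files under DIR that are setuid, owned by OWNER
# (default root) and begin with a "#!" interpreter line, one per line.
# Ordinary setuid binaries (ELF and the like) are deliberately skipped:
# only scripts can be handed to suidexec.
find_suid_scripts() {
    dir=$1
    owner=${2:-root}
    find "$dir" -xdev -type f -perm -4000 -user "$owner" 2>/dev/null |
    while IFS= read -r f; do
        magic=$(head -c 2 "$f" 2>/dev/null)
        [ "$magic" = '#!' ] && printf '%s\n' "$f"
    done
    return 0
}

# Usage: sh suidexec_audit.sh /            (scan the root filesystem)
#        sh suidexec_audit.sh /usr/local   (scan a single tree)
# With no argument the functions are only defined; nothing is scanned.
if [ $# -gt 0 ]; then
    printf 'suidexec: %s\n' "$(check_suidexec)"
    printf 'setuid-root scripts under %s:\n' "$1"
    find_suid_scripts "$1"
fi
```

    Any path printed by find_suid_scripts is, on  an  affected  system,
    enough for the invocation shown above; an empty list means suidexec
    has nothing to latch on to until the next setuid script appears, so
    the audit is worth repeating after package installs.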

SOLUTION

    Upgrade to suidmanager 0.19 from

        ftp://ftp1.us.debian.org/debian/Incoming/suidmanager_0.19_all.deb

    which removes the suidexec program entirely (version 0.18 was the
    one tested and found affected).