COMMAND

    suid_exec

SYSTEMS AFFECTED

    All operating systems with  "suid_exec" program supplied with  the
    Korn Shell (ksh) distribution.

PROBLEM

    suid_exec is a program that is often installed when the Korn shell
    (ksh) interpreter is installed.   suid_exec is installed to  allow
    the execution  of setuid/setgid  shell scripts  and shell  scripts
    which  do  not  have  read  permissions  set.   All  versions   of
    suid_exec  are   currently  vulnerable.    The  vulnerability   in
    suid_exec may allow  arbitrary commands to  be executed with  root
    privileges.

    suid_exec is known to be present in the default installation on
    the following Unix operating systems:

        IRIX 5.x
        IRIX 6.x

    For IRIX exploit see suid_exec on IRIX bugs page.

    This list is not necessarily complete, and other operating systems
    may have  suid_exec installed  by default.   Sites may  also  have
    installed  suid_exec  when   installing  the  publicly   available
    version of  the Korn  Shell (ksh).   This version  of suid_exec is
    also vulnerable.

SOLUTION

    Currently there are no vendor patches available that address  this
    vulnerability.  Until official vendor patches are made  available,
    sites should remove the  setuid root and execute  permissions from
    suid_exec.   For example,  if suid_exec  is located  in /etc,  the
    following command should be run as root:

        # chmod 400 /etc/suid_exec
        # ls -l /etc/suid_exec
        -r--------   1 root sys    14384 May 30 1996 /etc/suid_exec