*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Jamie Strandboge
(jdstrand):
/usr/bin/ubnsylnx has 007 permissions, so is world-writeable. I don't
know whether this is an executable that's ever run by root, but if it
is, I guess it might potentially be a privilege escalation problem. On
my machine, it's the only executable in any of the folders in $PATH
that's world-writeable.
I'm afraid I have no idea what it does, what package it's from ("dpkg -S
ubnsylnx" returns nothing), or whether it's in a default install of
Ubuntu. A Google search of ubnsylnx returns no results whatsoever
(which is the first time I've ever had that happen when Googling some
part of Ubuntu). Running it prints usage notes that suggest device
manipulation ("Usage: ubnsylnx [-sfr][-d directory][-o offset] device").
Needless to say it doesn't have a man page.
Apologies for flagging this up as a security vulnerability when I don't
have a clue what it does, but I thought I should probably be on the safe
side, since it is in root's path. 007 is certainly the weirdest set of
permissions I've ever seen.
** Affects: ubuntu
Importance: Undecided
Status: New
--
/usr/bin/ubnsylnx is world-writeable
https://bugs.launchpad.net/bugs/271200
You received this bug notification because you are a member of Ubuntu Bugs,
which is a direct subscriber.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
