F-Secure Internet Gatekeeper for Linux local root
I discovered a hole in the F-Secure's Internet Gatekeeper for Linux software package. It takes some special conditions to allow for the attack to be successful. They go as follows:
1) you need local user access to the machine with FSIGK
2) you need executable permissions to the SUID binaries in question
3) you need to have access to a writable directory, in order to create an arbitrary file.
And those are usually trivial conditions to achieve. Here's a link to the Advisory
. The exploit is within the advisory, in GnuPG format. Do check on the Tigerteam.se
website for the password.