International Data Casting SFX2100 Satellite Receiver SUID Binary Privilege Escalation Vulnerability

A vulnerability exists in the International Data Casting (IDC) SFX2100 satellite receiver, which is used by organizations such as the US Department of Defense and the European Space Agency. The receiver has the '/bin/date' utility installed with the setuid bit enabled, allowing local users to execute the binary with elevated privileges. This vulnerability can be exploited to perform privileged file reads as the root user, accessing sensitive files such as '/etc/shadow' or other configuration files containing secrets.

Impact

Exploitation of this vulnerability allows for local privilege escalation, enabling a user to gain root access by reading and cracking the root password from the '/etc/shadow' file.

Reproduction

The vulnerability can be reproduced by a local user on the SFX2100 satellite receiver. The 'date' command can be used with the '-f' option to specify a file path. By injecting traversal sequences, it's possible to access protected files like '/etc/shadow'.