------------------------------------------------------------------------
BCSA 001
Badly Coded, Inc. Security Advisory                 September 15th, 2014
------------------------------------------------------------------------
BCSA-001: Backdoor option in BCLPR 1.0 allows local privilege escalation

Affected versions: 1.0 and earlier
Fixed versions: 1.1 and later

It has come to our attention that version 1.0 of BCLPR contains a
hidden command line option which, when invoked, automatically spawns a
shell with root privileges. This "back door" could be used by any user
on a system allowed who is allowed to use BCLPR (any user, in the
standard configuration) to obtain administrator-level privileges. An
internal investigation has revealed that this undocumented
functionality was added by a former BCI employee, perhaps in
anticipation of future malicious use. We would like to acknowledge a
number of students from the University of Minnesota's Computer Science
and Engineering 5271 course who reported this vulnerability: in light
of this discovery, we have performed a thorough audit of the BCLPR and
believe that no further back door options exist.

The back door has been removed in BCLPR version 1.1: all BCLPR users
are recommended to upgrade at their earliest convenience. BCLPR 1.1
and later versions includes an option "-v" which will print the
version number of the BCLPR binary and execute: a version of BCLPR
that gives an error message in response to this option is version 1.0
and should be replaced.