[2081] in linux-security and linux-alert archive
[linux-security] Insecure /tmp handling in isdnlog
daemon@ATHENA.MIT.EDU (dentoir)
Wed Oct 21 03:07:23 1998
Date: Wed, 21 Oct 1998 02:58:31 +0200 (MET DST)
From: dentoir <edtx@xs4all.nl>
To: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
The isdnlog program (provided by isdn4k-utils.tar.gz) creates a
root-owned temp file called /tmp/isdnctrl (or /tmp/isdnctrl0) and
no checking for symbolic links is done. The file is opened append only;
a user can make a symbolic link from /tmp/isdnctrl to any file and mess
things up.
example: ln -s /var/spool/mail/root /tmp/isdnctrl
-- dentoir
Fart Foundation
Security through immaturity
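
The failure mode reported above, next to a hardened open, as an added example that is not part of the original post and is not isdn4k-utils code. The function names (`open_log_naive`, `open_log_safe`, `demo`) and the scratch paths are hypothetical; the scenario is constructed inside a private `mkdtemp` directory and the `ELOOP` behaviour assumed is Linux's.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the report: append-open a fixed name, following symlinks. */
static int open_log_naive(const char *path) {
    return open(path, O_WRONLY | O_APPEND | O_CREAT, 0644);
}

/* Hardened: reject a symlink as the last path component (ELOOP on Linux),
   then confirm the opened object is our own regular file with one link. */
static int open_log_safe(const char *path) {
    struct stat st;
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario: "log" is a symlink to "victim" in a scratch dir.
   Bit 0: naive open wrote into victim. Bit 1: safe open refused the link. */
int demo(void) {
    char dir[] = "/tmp/symlink-demo-XXXXXX", lnk[64], victim[64];
    struct stat st;
    int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(lnk, sizeof lnk, "%s/log", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    if ((fd = open(victim, O_WRONLY | O_CREAT, 0600)) < 0) return -1;
    close(fd);
    if (symlink(victim, lnk) != 0) return -1;
    if ((fd = open_log_naive(lnk)) >= 0) {
        if (write(fd, "x\n", 2) == 2) result |= 1;
        close(fd);
    }
    if (stat(victim, &st) != 0 || st.st_size != 2) result &= ~1;
    if ((fd = open_log_safe(lnk)) < 0 && errno == ELOOP) result |= 2;
    else if (fd >= 0) close(fd);
    unlink(lnk); unlink(victim); rmdir(dir);
    return result;
}
int main(void) { printf("demo() = %d (3: naive followed, safe refused)\n", demo()); return 0; }
```

The open-time checks only narrow the problem; a root daemon is better served by keeping such files in a directory that only root can write to, or by using `mkstemp` for an unpredictable name.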