[20740] in bugtraq
[SRT2001-09] - vi and crontab -e /tmp issues
daemon@ATHENA.MIT.EDU (Richard Johnson)
Tue May 22 18:29:16 2001
From: "Richard Johnson" <thief@snosoft.com>
To: <bugtraq@securityfocus.com>
Cc: "Recon@Snosoft. Com" <recon@snosoft.com>
Date: Tue, 22 May 2001 14:15:16 -0400
Message-ID: <NLEHLKOFLLKOOLIIJPIPOELECIAA.thief@snosoft.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
======================================================================
Strategic Reconnaissance Team Security Advisory(SRT2001-9)
Topic: vi and crontab -e /tmp issues
Vendor: Santa Cruz Operations
Release Date: 05/07/01
======================================================================
.: Description
vi makes poor use of /tmp: the names of its temporary files are very predictable.
.: Impact
As a user, run ln -s /etc/passwd /tmp/Ex04161, then wait for root to run vi.
Voilà: when he does, he will clobber /etc/passwd with a null file.
.: Workaround
Don't use vi or crontab -e.
.: Systems Affected
Unixware 5.x
.: Proof of Concept
ln -s /etc/passwd /tmp/Ex04161
.: Vendor Status
A copy of this advisory was mailed to their attention.
.: Credit
Kevin Finisterre
dotslash@snosoft.com
======================================================================
© Copyright 2001 Secure Network Operations, Inc. All Rights Reserved.
Strategic Reconnaissance Team | recon@snosoft.com
http://recon.snosoft.com | http://www.snosoft.com
----------------------------------------------------------------------
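Added example, not part of the original advisory and not vendor code: the class of bug described above, and the fix on the program's side, shown in a private sandbox directory. The function names, the sandbox path and the passwd.sample file are constructed for illustration, and open_predictable() is an assumed stand-in for an editor that opens a fixed temp-file name with O_CREAT|O_TRUNC; the advisory does not show vi's actual call.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define SAMPLE "root:x:0:0::/:/bin/sh\n"   /* constructed stand-in content */

/* Editor-style open of a fixed name: follows a pre-existing symlink and truncates. */
static int open_predictable(const char *p) {
    return open(p, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* O_CREAT|O_EXCL must create the file itself: the call fails if the name
   already exists, and POSIX requires it not to follow a symlink there. */
static int open_exclusive(const char *p) {
    return open(p, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Builds a private sandbox holding a sample file plus a symlink to it under the
   advisory's temp-file name, opens that name, and returns the sample's size
   afterwards: 0 = clobbered, sizeof(SAMPLE)-1 = intact, -1 = setup error. */
long victim_size_after(int hardened) {
    char dir[] = "/tmp/srt-demo-XXXXXX", victim[64], link[64];
    struct stat st;
    long size = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/passwd.sample", dir);
    snprintf(link, sizeof link, "%s/Ex04161", dir);
    FILE *f = fopen(victim, "w");
    if (f && fputs(SAMPLE, f) >= 0 && fclose(f) == 0 && symlink(victim, link) == 0) {
        int fd = hardened ? open_exclusive(link) : open_predictable(link);
        if (fd >= 0) close(fd);               /* hardened open returns -1 here */
        if (stat(victim, &st) == 0) size = (long)st.st_size;
    }
    unlink(link); unlink(victim); rmdir(dir); /* clean up the sandbox */
    return size;
}

int main(void) {
    printf("predictable open: %ld bytes left\n", victim_size_after(0));
    printf("exclusive open:   %ld bytes left\n", victim_size_after(1));
    return 0;
}
```

In new code, mkstemp() is the usual choice, since it combines an unpredictable name with the same exclusive create.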