[21199] in bugtraq
Re: smbd remote file creation vulnerability
daemon@ATHENA.MIT.EDU (Tomek Lipski)
Tue Jun 26 15:40:10 2001
Date: Tue, 26 Jun 2001 07:31:32 +0200 (CEST)
From: Tomek Lipski <Tomek.Lipski@ecl.pl>
To: Pavol Luptak <wilder@hq.alert.sk>
Cc: bugtraq@securityfocus.com
In-Reply-To: <20010625190919.A13420@hq.alert.sk>
Message-ID: <Pine.BSF.4.21.0106260729250.41578-100000@main>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Mon, 25 Jun 2001, Pavol Luptak wrote:
> Linux kernels with openwall patch (with restricted links in /tmp) are
> immune to this type of attack (following symlinks does not work, link
> owner does not match with file's owner).
I don't know how openwall patch works but symlinks can be put anywhere (~/
for example...) to make this exploit work... [this is just a theory. haven't
tested that ;)]
--
Tomek Lipski
email: [ Tomek.Lipski@ecl.pl ] gsm: [ +48 606 787 423 ]
Eclipse ISP http://www.ecl.pl/
Czestochowa Al. NMP 31 tel. 034 3665011