[21239] in bugtraq
Re: smbd remote file creation vulnerability
daemon@ATHENA.MIT.EDU (Michal Zalewski)
Thu Jun 28 15:51:14 2001
Date: Wed, 27 Jun 2001 18:48:18 -0400 (EDT)
From: Michal Zalewski <lcamtuf@bos.bindview.com>
To: Wichert Akkerman <wichert@wiggy.net>
Cc: bugtraq@securityfocus.com, Pavol Luptak <wilder@hq.alert.sk>
In-Reply-To: <20010627004252.A6280@wiggy.net>
Message-ID: <Pine.LNX.4.21.0106271845580.649-100000@nimue.bos.bindview.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 27 Jun 2001, Wichert Akkerman wrote:
>> Linux kernels with openwall patch (with restricted links in /tmp) are
>> immune to this type of attack (following symlinks does not work, link
>> owner does not match with file's owner).
>
> If symlinks don't work you can still use a hardlink though.

Another thing you can do is create a symlink pointing to a non-existing
file. You can create a new boot script, configuration files like
ld.so.preload, or whatever you want.
--
_____________________________________________________
Michal Zalewski [lcamtuf@bos.bindview.com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
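
A defensive illustration of the two cases raised in this thread (a dangling symlink and a hard link sitting at a predictable name), added here as an example and not part of the original messages: creating the file with O_CREAT|O_EXCL refuses both, whereas a plain O_CREAT open creates the file the link names. The helper names, file names and scratch directory are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: O_CREAT|O_EXCL fails if the name exists in any form
 * (regular file, hard link, or symlink, dangling or not) and never follows
 * a symlink in the final path component. */
int create_new_file(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Pattern at risk: plain O_CREAT follows a dangling symlink and creates
 * whatever file the link names. */
int create_following(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0600);
}

/* Constructed scenario inside a private scratch directory. Bitmask result:
 * 1 = exclusive create refused the dangling symlink, 2 = link target still
 * absent afterwards, 4 = plain O_CREAT created the link target,
 * 8 = exclusive create refused a pre-existing hard link. */
int demo(void)
{
    char dir[] = "/tmp/linkdemoXXXXXX", lnk[64], tgt[64], hard[64];
    struct stat st;
    int fd, r = 0;

    if (!mkdtemp(dir)) return -1;
    snprintf(lnk, sizeof lnk, "%s/service.log", dir);
    snprintf(tgt, sizeof tgt, "%s/new-file", dir);
    snprintf(hard, sizeof hard, "%s/other.log", dir);
    if (symlink(tgt, lnk) != 0) return -1;      /* dangling: tgt is absent */

    if ((fd = create_new_file(lnk)) < 0) r |= 1; else close(fd);
    if (stat(tgt, &st) != 0) r |= 2;
    if ((fd = create_following(lnk)) >= 0) close(fd);
    if (stat(tgt, &st) == 0) r |= 4;
    if (link(tgt, hard) == 0) {                 /* second name for tgt */
        if ((fd = create_new_file(hard)) < 0) r |= 8; else close(fd);
    }
    unlink(hard); unlink(tgt); unlink(lnk); rmdir(dir);
    return r;
}
int main(void) { printf("result mask: %d\n", demo()); return 0; }
```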