[23508] in bugtraq


Re: klprfax_filter symlink vulnerability

daemon@ATHENA.MIT.EDU (George Staikos)
Fri Dec 14 19:33:36 2001

Message-Id: <200112141813.NAA10645@nitro.0wned.org>
Content-Type: text/plain;
  charset="iso-8859-1"
From: George Staikos <staikos@0wned.org>
To: wang yuan <r0gue@21cn.com>
Date: Fri, 14 Dec 2001 13:13:55 -0500
In-Reply-To: <20011214061454.23117.qmail@mail.securityfocus.com>
Cc: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

On Friday 14 December 2001 01:14, wang yuan wrote:
> Hi, all!
> I'm sorry if this bug has been reported.
> klprfax_filter (kdeutils-2.2-2) is an application to make
> a printer that acts as a fax.
> When using klprfax_filter, it would create a temp
> file, /tmp/klprfax.filter, but the temporary file was not
> created safely; this vulnerability could be exploited to
> overwrite arbitrary files!
> Just tested on Red Hat 7.1.

   This was announced by the KDE team on Nov 9.  The solution is to remove 
the suid bit from efax.  It seems to only need it for accessing the lock 
files and the modem.

-- 

George Staikos
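
The fixed-name temporary file pattern from the report next to a hardened form using mktemp(1), as an added example that is not part of the original thread and is not klprfax_filter's own code. Only the file name klprfax.filter comes from the report; the function names, the sandbox layout and the sample job text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not klprfax_filter's code). Function names are hypothetical;
# everything runs inside a private sandbox directory, not the real /tmp.

# Pattern from the report: a fixed, predictable file name opened with ">".
# If that name already exists as a symlink, the shell follows it and
# truncates whatever file it points to.
spool_fixed_name() {
    spool_dir=$1
    cat > "$spool_dir/klprfax.filter"
    printf '%s\n' "$spool_dir/klprfax.filter"
}

# Hardened pattern: mktemp(1) creates a brand-new file (O_CREAT|O_EXCL,
# mode 0600) under an unpredictable name, so a link planted in advance
# is never the file that gets opened.
spool_mktemp() {
    spool_dir=$1
    tmp=$(mktemp "$spool_dir/klprfax.XXXXXXXXXX") || return 1
    cat > "$tmp"
    printf '%s\n' "$tmp"
}

# Constructed scenario: "$1" is either "fixed" or "mktemp". A file owned by
# the user running the filter sits outside the spool directory, and a symlink
# to it already occupies the predictable name. Prints what that file contains
# after the chosen variant has spooled one (constructed) fax job.
run_scenario() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/spool"
    printf 'important data\n' > "$sandbox/owned_by_user"
    ln -s "$sandbox/owned_by_user" "$sandbox/spool/klprfax.filter"
    case $1 in
        fixed)  printf 'fax job\n' | spool_fixed_name "$sandbox/spool" >/dev/null ;;
        mktemp) printf 'fax job\n' | spool_mktemp "$sandbox/spool" >/dev/null ;;
        *) rm -rf "$sandbox"; return 2 ;;
    esac
    cat "$sandbox/owned_by_user"
    rm -rf "$sandbox"
}

echo "fixed name: $(run_scenario fixed)"    # file content replaced by the job
echo "mktemp:     $(run_scenario mktemp)"   # file content unchanged
```
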

