[3291] in bugtraq
Re: [BUG] Vulnerability in PKGTOOL
daemon@ATHENA.MIT.EDU (Paul Nash)
Tue Aug 27 12:15:43 1996
Date: Tue, 27 Aug 1996 09:57:54 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Paul Nash <security@plato.oneworld.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.LNX.3.95.960826211956.738A-100000@litterbox.org> from "Sean
B. Hamor" at Aug 26, 96 09:22:49 pm
> A problem exists in the way PKGTOOL handles the /tmp/PKGTOOL.REMOVED
> logfile. This logfile is created mode 666, which allows any user to write
> to it. Although this file is usually created the first time PKGTOOL is
> run and can't be removed by normal users, a problem develops if root or
> the owner of the logfile deletes it for some reason or if PKGTOOL has
> never been run before.
On the same note tin creates /tmp/.tin_log mode 666 aswell.. It's vulnerable
to symlinks aswell.
-Paul
---------------------------------------+-------------------------------------
Paul Nash v. 617 267 2440| And the days are not full enough
Systems Administrator f. 617 267 2008| And the nights are not full enough
One World Network |--------------+ And life slips by like a field mouse
14 Claremont Park | not disturbing the grass.
Boston, MA. 02118 | -Ezra Pound
------------------------+----------------------------------------------------
