[6280] in bugtraq
No subject found in mail header
daemon@ATHENA.MIT.EDU (Matt Nichols)
Tue Mar 10 22:48:02 1998
Date: Tue, 10 Mar 1998 20:05:56 -0600
Reply-To: Matt Nichols <kgb@FLEX.NET>
From: Matt Nichols <kgb@FLEX.NET>
To: BUGTRAQ@NETSPACE.ORG
Problem: 'netconfig' script on slackware 3.4 systems (probably earlier
versions also) , does not check to see if static tmpfiles already exist.
Any user can overwrite system files by creating a symlink in /tmp under a
filename used by 'netconfig'
netconfig creates: (without checking to see if they exist)
/tmp/elm.rc.OLD
/tmp/rc.inet1.OLD
/tmp/hosts.OLD
/tmp/resolv.conf.OLD
a user can create a symlink in /tmp like:
lwrxrwxrwx 1 kgb users 8 Mar 10 19:47 rc.inet1.OLD -> /vmlinuz
and wait for root to run 'netconfig' thus overwriting the victom file.
Although this is an unlikely situation, it is still possible.
- MultiSynk -
k g b @ f l e x . n e t
