[7741] in bugtraq
AfterStep asfsm tmp hole
daemon@ATHENA.MIT.EDU (Kristofer Coward)
Tue Aug 25 01:27:07 1998
Date: Tue, 25 Aug 1998 01:06:51 -0400
Reply-To: Kristofer Coward <kris@SNOW.UTORONTO.CA>
From: Kristofer Coward <kris@SNOW.UTORONTO.CA>
To: BUGTRAQ@NETSPACE.ORG

The disk usage monitor that comes with AfterStep (asfsm) overwrites
/usr/tmp/statfs regularly as whoever launched it, allowing the typical
symlink crap we've come to expect, including a possible DoS if run as
root.

Kris Coward
kris@snow.utoronto.ca
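
The pattern the post describes, a fixed-name scratch file that is rewritten on a timer, can be hardened as in the following added example. It is not part of the original post and is not asfsm's code; the function names and the mkdtemp() test directory are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not asfsm's): write data to path, refusing symlinks,
 * hard links and files we do not own. Returns 0 on success, -1 otherwise. */
int write_scratch(const char *path, const char *data)
{
    struct stat st;
    /* O_NOFOLLOW: fail with ELOOP if the final component is a symlink.
     * No O_TRUNC: nothing is modified until the checks below have passed. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1 ||
        ftruncate(fd, 0) != 0 ||
        write(fd, data, strlen(data)) != (ssize_t)strlen(data)) {
        close(fd);
        return -1;
    }
    return close(fd);
}

/* Constructed scenario in a private mkdtemp() directory: "statfs" is a
 * symlink to "victim". Returns 1 if the write is refused and victim is
 * left untouched, 0 otherwise. */
int symlink_is_refused(void)
{
    char dir[] = "/tmp/scratch-demo-XXXXXX", victim[64], lnk[64], buf[16] = "";
    if (!mkdtemp(dir)) return 0;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/statfs", dir);
    if (write_scratch(victim, "keep") != 0 || symlink(victim, lnk) != 0) return 0;
    int refused = write_scratch(lnk, "usage data") == -1 && errno == ELOOP;
    FILE *f = fopen(victim, "r");
    if (f) { if (!fgets(buf, sizeof buf, f)) buf[0] = '\0'; fclose(f); }
    unlink(lnk); unlink(victim); rmdir(dir);
    return refused && strcmp(buf, "keep") == 0;
}

int main(void)
{
    printf("symlinked scratch path refused: %s\n", symlink_is_refused() ? "yes" : "no");
}
```

Keeping such a file in a directory only the invoking user can write to, or creating it with mkstemp(), removes the shared fixed name altogether.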