[7743] in bugtraq
Re: AfterStep asfsm tmp hole
daemon@ATHENA.MIT.EDU (Kristofer Coward)
Tue Aug 25 13:51:20 1998
Date: Tue, 25 Aug 1998 12:40:28 -0400
Reply-To: Kristofer Coward <kris@SNOW.UTORONTO.CA>
From: Kristofer Coward <kris@SNOW.UTORONTO.CA>
X-To: Dave Wreski <dave@nic.com>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <XFMail.980825021024.dave@nic.com>
> > The disk usage monitor that comes with AfterStep (asfsm) overwrites
> > /usr/tmp/statfs regularly as whoever launched it, allowing the typical
> > symlink crap we've come to expect, including a possible DoS if run as
> > root.
>
> Which version? Have you contacted the developers first?!
1.4.x (haven't checked 1.0, or 1.5pre). I posted to the as list before
writing here; that post also told them that it would be posted here. It's
a small enough bell/whistle that most of the world should be able to live
without it until it's patched (not that that should take long).
Kris Coward
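
The exposure described in this thread, as an added example that is not asfsm's code and not part of the original posts: a writer that follows a symlink sitting at a fixed file name, next to one that refuses to. The names write_unsafe, write_safe and victim_size_after are hypothetical, the fopen-based writer is an assumed stand-in for the pattern (the thread does not show asfsm's source), and the demo works in a private scratch directory under /tmp rather than /usr/tmp.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed stand-in for the reported pattern (not asfsm source). */
int write_unsafe(const char *path, const char *data)
{
    FILE *f = fopen(path, "w");   /* follows a symlink, truncates its target */
    if (!f) return -1;
    fputs(data, f);
    return fclose(f);
}

/* Hypothetical hardened writer: 0 if written, -1 if refused or failed. It
 * vets the object it actually opened and truncates only after that passes. */
int write_safe(const char *path, const char *data)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600); /* no symlinks */
    if (fd < 0) return -1;
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_nlink == 1 &&
             st.st_uid == geteuid() && ftruncate(fd, 0) == 0 &&
             dprintf(fd, "%s", data) >= 0;
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* Victim file (6 bytes) + symlink "statfs" -> victim; size after writer. */
long victim_size_after(int (*writer)(const char *, const char *))
{
    char dir[] = "/tmp/asfsm-demo-XXXXXX", victim[64], lnk[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/statfs", dir);
    if (write_safe(victim, "secret") || symlink(victim, lnk)) return -1;
    writer(lnk, "new");
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(lnk); unlink(victim); rmdir(dir);
    return size;
}

int main(void)
{
    printf("victim bytes after: unsafe=%ld hardened=%ld\n",
           victim_size_after(write_unsafe), victim_size_after(write_safe));
    return 0;
}
```

A victim size of 6 means the file behind the symlink was left alone; any other size means the writer followed the link and overwrote it.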