[17787] in bugtraq
Re: /bin/sh creates insecure tmp files
daemon@ATHENA.MIT.EDU (Kris Kennaway)
Fri Nov 24 15:19:19 2000
Message-Id: <20001123133756.B36019@citusc17.usc.edu>
Date: Thu, 23 Nov 2000 13:37:56 -0800
Reply-To: Kris Kennaway <kris@FREEBSD.ORG>
From: Kris Kennaway <kris@FREEBSD.ORG>
X-To: Paul Szabo <psz@MATHS.USYD.EDU.AU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200011230225.NAA19716@milan.maths.usyd.edu.au>; from
psz@MATHS.USYD.EDU.AU on Thu, Nov 23, 2000 at 01:25:28PM +1100
On Thu, Nov 23, 2000 at 01:25:28PM +1100, Paul Szabo wrote:
> Similarly to the recently discussed tcsh vulnerability, the Bourne shell
> /bin/sh also creates temporary files in an insecure way, and can be
> exploited to create arbitrary files or to overwrite existing ones. While
> this vulnerability can be exploited for a denial-of-service attack, it is
> not clear how to use it to gain additional privileges.
FreeBSD does not seem to do this.
Kris