[33774] in bugtraq
Re: [Full-Disclosure] Possible race condition in Symantec AntiVirus Scan Engine for Red Hat Linux during LiveUpdate
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Feb 17 13:47:25 2004
Message-Id: <200402161621.i1GGLdec009058@turing-police.cc.vt.edu>
To: "Dr. Peter Bieringer" <pbieringer@aerasec.de>
Cc: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
In-Reply-To: Your message of "Mon, 16 Feb 2004 16:49:53 +0100."
<26098517.1076950193@[10.3.62.6]>
From: Valdis.Kletnieks@vt.edu
Date: Mon, 16 Feb 2004 11:21:39 -0500
On Mon, 16 Feb 2004 16:49:53 +0100, "Dr. Peter Bieringer" said:
> logfile=/tmp/LiveUpdate.log <---!!!!!!
>
> Impact:
> Before first run of LiveUpdate (like suggested in doc, user "symantec" does
> this) a possible race condition via a symlink attack by another user will
> result in the creation of a new file (as user "symantec") or appending
> LiveUpdate log to an existent file (owned by user "symantec").

For bonus points, figure out what happens if you reboot and your /etc/fstab has this:

none /tmp tmpfs mode=1777 0 0

The gift that keeps on giving. ;)
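
Added example, not part of the original message and not Symantec's code: one way a program can open a log at a predictable path in a world-writable directory so that a pre-planted symlink is refused rather than followed. The names open_log_safely and demo and the scratch paths are hypothetical; the scenario in demo() is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a log for appending without following a planted symlink.
 * Returns an fd, or -1 if the path is a symlink, not a regular file,
 * not owned by the caller, or has extra hard links. */
int open_log_safely(const char *path)
{
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;          /* ELOOP: the last path component is a symlink */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);          /* someone else's file or a hard link: refuse */
        return -1;
    }
    return fd;
}

/* Constructed scenario in a private scratch directory: "planted.log" is a
 * symlink to "victim"; "fresh.log" does not exist yet.
 * Returns 0 when the symlink is refused, the victim file is never created,
 * and the fresh log opens normally. */
int demo(void)
{
    char dir[] = "/tmp/logdemo.XXXXXX", victim[64], planted[64], fresh[64];
    struct stat st;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(planted, sizeof planted, "%s/planted.log", dir);
    snprintf(fresh, sizeof fresh, "%s/fresh.log", dir);
    if (symlink(victim, planted) != 0)
        return -1;
    int refused = open_log_safely(planted) == -1;
    int untouched = lstat(victim, &st) != 0;   /* link target was not created */
    int fd = open_log_safely(fresh);
    if (fd >= 0) close(fd);
    unlink(planted); unlink(fresh); rmdir(dir);
    return (refused && untouched && fd >= 0) ? 0 : 1;
}

int main(void) { return demo(); }
```

Keeping the log in a directory that only the service account can write to avoids the race altogether; the checks above are for cases where the path cannot be moved.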