Bugtraq mailing list archives

Re: RedHat 5.2 lrzsz-0.12.14-5 have serious security hole

From: yuri () KILLER CRACKSOFT KIEV UA (Yuri Kuzmenko)
Date: Mon, 30 Nov 1998 22:16:21 +0200


lrz (Linux ZMODEM file receiver) from lrzsz package have a security hole
with file permission.

lrz create file with 0666 mode (world writable)

File mode set to normal (specifed by other side) only after downloading.

my umask is 022

Current thread:

Re: RedHat 5.2 lrzsz-0.12.14-5 have serious security hole Yuri Kuzmenko (Nov 30)