Bugtraq mailing list archives
STM symlink Vulnerability
From: zorgon <zorgon () LINUXSTART COM>
Date: Wed, 13 Dec 2000 05:33:21 -0500
Support Tool Manager Symlink Vulnerability
From the STM manual page:
The Support Tools Manager (STM) provides three interfaces that allow a user access to an underlying toolset, consisting of information modules, firmware update tools, verifiers, diagnostics, exercisers, expert tools, and utilities.
There is a symlink vulnerability in STM. When you run cstm, for example (but also xstm and mstm):

$uname -a
HP-UX localhost B.11.00 A 9000/785 2004901631 licence pour deux utilisateurs
$stm -c
Running Command File (/usr/sbin/stm/ui/config/.stmrc).

-- Information --
Support Tools Manager

Version A.22.00
Product Number B4708AA

(C) Copyright Hewlett Packard Co. 1995-1998
All Rights Reserved

Use of this program is subject to the licensing restrictions described in "Help-->On Version". HP shall not be liable for any damages resulting from misuse or unauthorized use of this program.

cstm>ru
Select Utility
1 MOutil
2 logtool
Enter selection : 1

-- Magneto-Optical device Utility --

MO Utility>

STM writes logs to the file "/var/stm/logs/tool_stat.txt". But the existence and owner of the file are not checked prior to writing logs. So local users may create a symlink from an arbitrary file to tool_stat.txt, and the file pointed to by the symlink will be overwritten. This can result in a denial of service.

Vendor status: This flaw is being addressed in HP labs.

==================================
zorgon <zorgon () linuxstart com>
http://www.nightbird.free.fr
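The check the advisory says is missing (existence and owner of the log file before writing), sketched in C as an added example; this is not STM code or HP's fix. It assumes a POSIX.1-2008 system with O_NOFOLLOW; open_log_checked and demo are hypothetical names, and the demo uses a constructed temporary directory rather than /var/stm/logs.

```c
/* Added example, not STM code. Assumes POSIX.1-2008 (O_NOFOLLOW, mkdtemp). */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a log for appending only if it is a regular, singly-linked file owned
 * by `owner`. Returns an fd, or -1 if the path is a symlink or fails a check. */
int open_log_checked(const char *path, uid_t owner)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;              /* ELOOP when the final component is a symlink */
    /* fstat() inspects the object actually opened: no check-then-use race. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: optionally pre-plant tool_stat.txt as a symlink to a
 * 4-byte file, then log one entry. Returns 1 if the entry was written, 0 if
 * the open was refused, -1 on setup failure or if the target file changed. */
int demo(int plant_symlink)
{
    char dir[] = "/tmp/stmdemoXXXXXX", target[64], logp[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(logp, sizeof logp, "%s/tool_stat.txt", dir);
    int t = open(target, O_WRONLY | O_CREAT, 0600);
    if (t < 0 || write(t, "keep", 4) != 4 || close(t) != 0) return -1;
    if (plant_symlink && symlink(target, logp) != 0) return -1;
    int fd = open_log_checked(logp, geteuid());
    int wrote = fd >= 0 && write(fd, "entry\n", 6) == 6;
    if (fd >= 0) close(fd);
    int intact = stat(target, &st) == 0 && st.st_size == 4;
    unlink(logp); unlink(target); rmdir(dir);
    return intact ? wrote : -1;
}

int main(void) { printf("symlink: %d, fresh: %d\n", demo(1), demo(0)); return 0; }
```

O_NOFOLLOW covers only the final path component, so the log directory itself must not be writable by unprivileged users.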