Bugtraq mailing list archives
Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability
From: Casper Dik <Casper.Dik () HOLLAND SUN COM>
Date: Thu, 26 Oct 2000 12:37:53 +0200
Tested also on: FreeBSD 3.3 = Vulnerable FreeBSD 2.2.8 = Vulnerable Aix 4.2 = Not Vulnerable Linux Slackware 7.0 = Not Vulnerable Linux Slackware 4.0 = Not Vulnerable
Solaris: not vulnerable (probably since 2.4). 6210: seteuid(10000) = 0 6210: open64("/tmp/crontabWCaqim", O_RDONLY) = 5 6210: seteuid(0) = 0 Root owned file: 6225: open64("/tmp/crontab9qaakm", O_RDONLY) Err#13 EACCES 6225: unlink("/tmp/crontab9qaakm") Err#1 EPERM This was changed in may '94 in response to bug 1160749. Not sure if there are patches for really old releases (101572-03 for 2.3 appears to cover this) Casper
Current thread:
- [ Hackerslab bug_paper ] HP-UX crontab temporary file symbolic link vulnerability Kyong-won Cho (Oct 24)
- Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Sergey Nenashev (Oct 25)
- Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Fabio Pietrosanti (naif) (Oct 26)
- Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Kris Kennaway (Oct 27)
- Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Fabio Pietrosanti (naif) (Oct 27)
- Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Casper Dik (Oct 27)
- Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Bill Sommerfeld (Oct 27)
- Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Fabio Pietrosanti (naif) (Oct 26)
- Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Andrey Alekseyev (Oct 26)
- Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Robert Watson (Oct 27)
- Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Sergey Nenashev (Oct 25)