Bugtraq mailing list archives
Re: in.fingerd follows sym-links on Solaris 8
From: Lukasz Luzar <lluzar () developers of pl>
Date: Fri, 25 May 2001 09:19:59 +0200 (CEST)
Hello,

OK, the example wasn't good. It was a long day for me, so please forgive me that slip-up.

The sym-links attack is very useful when you want to read files that are readable only by an unprivileged user. For example, many httpd servers work with the same privileges, which means that you can read any CGI temporary file, and other files readable only by CGI scripts.

I am thinking of a case where a CGI script saves some important information in a temporary file, like PHP does with the sessions:

    -rw------- 1 nobody nobody 329 May 14 12:16 /tmp/sess_0cd156a633

When you have installed in.fingerd, and the in.fingerd is vulnerable, all local users are able to read the information from the files. There are few other examples.

--
Lukasz Luzar
http://Developers.of.PL/
Crede quod habes, et habes
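
The defensive side of the issue raised in this message, as an added example that is not part of the original post and is not Solaris code: a daemon that reads a file from a user-controlled location refuses symlinks and verifies type and ownership on the open descriptor. The function name `open_user_file`, the file names and the `demo` harness are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `path` read-only, but only if it is a regular file that is not a
 * symlink, is owned by `owner`, and has a single hard link.
 * Returns a file descriptor, or -1 if any check fails. */
int open_user_file(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW rejects a symlink in the final path component only.
     * O_NONBLOCK keeps the daemon from hanging on a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not the path, so the object checked is the
     * object that will be read (no check-then-use race). */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo: a 0600 session-like file, a symlink pointing at it,
 * and a plain file. Bit 0 of the result is set if the plain file opened,
 * bit 1 if the symlink opened. Returns -1 on setup failure. */
int demo(void)
{
    char dir[] = "/tmp/planXXXXXX", secret[64], lnk[64], plain[64];
    int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(secret, sizeof secret, "%s/sess_example", dir);
    snprintf(lnk, sizeof lnk, "%s/plan_link", dir);
    snprintf(plain, sizeof plain, "%s/plan_file", dir);
    close(open(secret, O_CREAT | O_WRONLY, 0600));
    close(open(plain, O_CREAT | O_WRONLY, 0644));
    if (symlink(secret, lnk) != 0) return -1;
    if ((fd = open_user_file(plain, getuid())) >= 0) { result |= 1; close(fd); }
    if ((fd = open_user_file(lnk, getuid())) >= 0) { result |= 2; close(fd); }
    unlink(lnk); unlink(plain); unlink(secret); rmdir(dir);
    return result;
}

int main(void) { printf("demo() = %d\n", demo()); return 0; }
```

In a real daemon `owner` would be the uid of the account whose file is being read, and dropping to that uid before the open removes the privilege difference altogether.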