Bugtraq mailing list archives
SuSEs YaST Online Update - possible symlink attack
From: Rene <l0om () excluded org>
Date: 5 Apr 2004 09:02:35 -0000
author:l0om - l0om[at]excluded.org - www.excluded.org date:05.04.2004 product:SuSE 9.0 maybe lower possible symlink attack in SuSEs YOU [YaST Online Update] in SuSE linux you can use YOU to auto update your system. you can do this by YaST or by hand with the command "online_update". as a normal user you can check for updates with the options "-q" or "-k". By doing this "online_update" will do the follwing: creats a directory in /usr/tmp/you-$USER in this direcoty it will creat the files "cookies", "quickcheack" and "youservers" (furthermore it creats some directorys- nevermind...). it doesnt check for a allready existing directory called "you-$USER" or for files like "cookies" which may be there. an attacker could create a directory like "/usr/tmp/ you-asdf" and put a link there named "cookies" which points to a file in / home/asdf he likes to overwrite. then he should set the directory permissions on 777 otherwise the binary will fail to create files in /usr/tmp/asdf. now he have to get the user asdf to execute the "/ usr/bin/online_update" binary (maybe by mail or write) and the file will be overwritten. bye and have a lot of phun l0om
Current thread:
- SuSEs YaST Online Update - possible symlink attack Rene (Apr 05)
- Re: SuSEs YaST Online Update - possible symlink attack Roman Drahtmueller (Apr 07)