
Insecure /tmp handling in isdnlog



The isdnlog program (provided by isdn4k-utils.tar.gz) creates a
root-owned temp file called /tmp/isdnctrl (or /tmp/isdnctrl0) and
no checking for symbolic links is done. The file is opened append-only;
a user can make a symbolic link from /tmp/isdnctrl to any file and mess
things up.

example: ln -s /var/spool/mail/root /tmp/isdnctrl

-- dentoir
Fart Foundation
Security through immaturity
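
A defensive counterpart to the report above, added here as an example and not taken from isdn4k-utils or from the original post: one way a privileged program can open a predictable file for append without following a planted symlink. The helper name `open_append_nofollow` and the demo paths are assumptions; the demo runs in a private directory made with `mkdtemp`.

```c
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, O_CLOEXEC, mkdtemp */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` for append, refusing a symlink in the
 * final path component. Returns an fd, or -1 with errno set. */
int open_append_nofollow(const char *path)
{
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;                 /* ELOOP on Linux when path is a symlink */
    struct stat st;                /* check the descriptor, not the name: no race */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() ||  /* file pre-created by another user */
        st.st_nlink != 1) {        /* hard link to some other file */
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario: "victim" stands in for the file a symlink points at,
 * "isdnctrl" for the predictable name. Returns 0 if the symlink is refused
 * and the victim stays empty. */
int demo(void)
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX", victim[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/isdnctrl", dir);
    int v = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (v < 0 || symlink(victim, lnk) != 0) return -1;
    close(v);
    int fd = open_append_nofollow(lnk);   /* symlink present: must fail */
    struct stat st;
    int untouched = stat(victim, &st) == 0 && st.st_size == 0;
    unlink(lnk);
    int ok = open_append_nofollow(lnk);   /* no symlink: plain file is created */
    int result = (fd < 0 && untouched && ok >= 0) ? 0 : 1;
    if (fd >= 0) close(fd);
    if (ok >= 0) close(ok);
    unlink(lnk); unlink(victim); rmdir(dir);
    return result;
}

int main(void) { return demo(); }
```

`O_NOFOLLOW` only guards the last path component; keeping such state files in a directory that only root can write (rather than /tmp) removes the race on the name altogether.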


