Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_1

Bugtraq archives for 1st quarter (Jan-Mar) 1998: Security problem in Slackware.

Security problem in Slackware.

Suman_Saraf (ssarafHSS.HNS.COM)
Wed, 11 Mar 1998 15:12:38 +0530

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Aleph One: "Solaris printd security vulnerability"
Previous message: Alan Cox: "Re: the purpose of dynamic memory allocation"
In reply to: Aleph One: "MDaemon SMTP Server Buffer Overflow's"
Next in thread: Peter van Dijk: "Re: Security problem in Slackware."

Hi,

I just found out that the setup program in slackware creates a file called
hdtest in /tmp  without checking for its existence.

So a malicious user could just create a symlink to any root owned file and
it will get fucked up when the administrator runs setup.

In my case I just created a symlink to /etc/passwd and when I exit the
setup the file contains only "EXIT" :-)

Lemme know if something has been done about it already.

--Suman



/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
         Suman Saraf                  Software Engineer
               Mobile Satellites Project
                Hughes Software Systems
           Plot 31,Sector 18,Electronic City,Gurgaon.
               Tel:011-91-343703 Ext: 2423
       PGP Keys on Request. http://www.hssworld.com
/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

Next message: Aleph One: "Solaris printd security vulnerability"
Previous message: Alan Cox: "Re: the purpose of dynamic memory allocation"
In reply to: Aleph One: "MDaemon SMTP Server Buffer Overflow's"
Next in thread: Peter van Dijk: "Re: Security problem in Slackware."