Casper.DikHOLLAND.SUN.COM

• Next message: Shaun Meckler: "Re: Half Life dedicated server Patch"
• Previous message: Microsoft Product Security: "Microsoft Security Bulletin (MS00-081)"
• In reply to: Fabio Pietrosanti (naif): "Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability"
• Next in thread: Andrey Alekseyev: "Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability"
• Reply: Casper Dik: "Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>Tested also on:
>
>FreeBSD 3.3 = Vulnerable
>FreeBSD 2.2.8 = Vulnerable
>Aix 4.2 = Not Vulnerable
>Linux Slackware 7.0 = Not Vulnerable
>Linux Slackware 4.0 = Not Vulnerable

Solaris: not vulnerable (probably since 2.4).

6210: seteuid(10000) = 0
6210: open64("/tmp/crontabWCaqim", O_RDONLY) = 5
6210: seteuid(0) = 0

Root owned file:

6225: open64("/tmp/crontab9qaakm", O_RDONLY) Err#13 EACCES
6225: unlink("/tmp/crontab9qaakm") Err#1 EPERM

This was changed in may '94 in response to bug 1160749.

Not sure if there are patches for really old releases
(101572-03 for 2.3 appears to cover this)

Casper

• Next message: Shaun Meckler: "Re: Half Life dedicated server Patch"
• Previous message: Microsoft Product Security: "Microsoft Security Bulletin (MS00-081)"
• In reply to: Fabio Pietrosanti (naif): "Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability"
• Next in thread: Andrey Alekseyev: "Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability"
• Reply: Casper Dik: "Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]