From: Larry W. Cashdollar (lwcVapid.dhs.org)
Date: Mon Aug 27 2001 - 11:39:38 CDT

    During installation of Netscape 6.01a for Solaris 2.7/8 Sparc, I noticed
    the file /tmp/admin.3842 was created with mode 644. As you already know
    if this package is installed by root in multiuser mode a malicious user
    could use this to overwrite system files etc.

    Here is the dangerous code:

    # grep tmp ns6install
    cat >/tmp/admin.$$ <<EOF
                            /usr/sbin/pkgrm -n -a /tmp/admin.$$ ${pkg}.* 2>&1
            /usr/sbin/pkgadd -n -a /tmp/admin.$$ -d `pwd` $pkg 2>&1
    #

    A temporary workaround would be to shut the system down into single-user
    mode, clean out /tmp and then install.

    In reference to:

    http://www.sun.com/solaris/netscape/index.html

    -- Larry
       http://vapid.dhs.org:8080
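
The `/tmp/admin.$$` pattern quoted in the message, beside a hardened form, as an added example that is not part of the original post or of ns6install. It assumes a system with mktemp(1); the function names and the admin(4) settings are constructed for illustration, and everything runs in a scratch directory rather than /tmp.

```shell
#!/bin/sh
# Added example, not code from ns6install. The admin(4) settings below are
# constructed placeholders; all files live in a scratch directory.

admin_body() { printf 'mail=\nconflict=nocheck\naction=nocheck\n'; }

# Pattern from the post: predictable name (admin.<pid>), default umask, and a
# plain ">" redirect that follows whatever already exists at that path.
write_admin_unsafe() {    # $1 = directory standing in for /tmp
    admin_body >"$1/admin.$$"
    echo "$1/admin.$$"
}

# Hardened form: mktemp picks an unpredictable name and creates the file
# exclusively (it fails rather than reuse an existing path), with mode 0600.
write_admin_safe() {      # $1 = directory standing in for /tmp
    f=$(mktemp "$1/admin.XXXXXX") || return 1
    admin_body >"$f"
    echo "$f"
}

# Self-check an installer author can run: put a symlink at the predictable
# path, pointing at a sentinel file, and report whether the writer altered it.
sentinel_survives() {     # $1 = name of the writer function to check
    dir=$(mktemp -d) || return 2
    echo "original" >"$dir/sentinel"
    ln -s "$dir/sentinel" "$dir/admin.$$"
    "$1" "$dir" >/dev/null
    content=$(cat "$dir/sentinel")
    rm -rf "$dir"
    [ "$content" = "original" ]
}

sentinel_survives write_admin_unsafe && echo "unsafe: sentinel intact" \
                                     || echo "unsafe: sentinel overwritten"
sentinel_survives write_admin_safe   && echo "safe: sentinel intact" \
                                     || echo "safe: sentinel overwritten"
```

The same check works as a regression test for any root-run installer script that stages files under a shared temporary directory.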