Bug 4118 - Programs with possible /tmp symlink exploits
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: man
Version: 6.0
Hardware: i386 Linux
Priority: high
Severity: medium
Assigned To: Cristian Gafton
Keywords: Security
Reported: 1999-07-19 12:14 EDT by tf
Modified: 2008-05-01 11:37 EDT
Last Closed: 2000-02-15 17:14:36 EST

Description tf 1999-07-19 12:14:46 EDT
Following mail just went to the debian folks:

Dear Nerds,

maybe you remember my /tmp symlink attack posting to bugtraq some time
ago. Some closer investigation revealed that in SuSE Linux 6.1 (a pity we
are not allowed to use debian at our site, but anyway...), the following
programs were susceptible to symlink attacks; of course, the list most
probably is not complete, but it contains the most frequently used
programs showing bad behaviour:

Exploitable Program             typical file

man                             /tmp/zman09639aaa
all the rcs stuff               /tmp/T0a10328
netscape                        /tmp/jzip378496230054DAE
mktexpk                         /tmp/mt20385.tmp/mt20385.out
tkdesksh                        /tmp/17780aaa
kmail                           /tmp/kmail26766/part4/unnamed,
                                /tmp/kmail26766/part2/scharfes_s.ps
pine                            /tmp/pine_prt023368
kdmrc                           /tmp/T0a23848
mupad                           /tmp/xmupad_mupad_connect.5663
pvmd3                           /tmp/pvml.2346

Don't know yet where these calls did come from; some might be
SuSE-specific.

?  sh -c mount /dev/fd0 2>/tmp/mnt931444692
?  /usr/bin/vi /tmp/snd.4920
?  cp query /tmp

Furthermore, I think cflow also had problems on my private machine.
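
Added example, not part of the original report and not code from any of the listed programs: the report lists temp files with guessable names, and whether such a name is dangerous depends on how the file is opened. The C program below contrasts a plain `open()` with exclusive creation when the name already exists as a symlink; the scratch directory, the file names and the function names are constructed for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* for mkdtemp() under strict -std= modes */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: guessable name, no O_EXCL. open() follows a symlink
   that already exists under that name and truncates whatever it points to. */
int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if the name already exists,
   including when it is a symlink; the link is never followed. */
int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario in a private scratch directory: "zman00042aaa" is a
   pre-existing symlink to a 6-byte file. Opens the name with `opener` and
   returns the size of the link target afterwards (-1 on setup failure). */
long target_size_after(int (*opener)(const char *)) {
    char dir[] = "/tmp/symdemo.XXXXXX", target[64], name[64];
    struct stat st;
    long size = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/existing-file", dir);
    snprintf(name, sizeof name, "%s/zman00042aaa", dir);
    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "secret", 6) == 6 && symlink(target, name) == 0) {
        int tmpfd = opener(name);          /* the temp-file open under test */
        if (tmpfd >= 0) close(tmpfd);
        if (stat(target, &st) == 0) size = (long)st.st_size;
    }
    if (fd >= 0) close(fd);
    unlink(name);                          /* clean up the scratch directory */
    unlink(target);
    rmdir(dir);
    return size;
}

int main(void) {
    printf("predictable open: target is now %ld bytes\n", target_size_after(open_predictable));
    printf("exclusive open:   target is still %ld bytes\n", target_size_after(open_exclusive));
    return 0;
}
```

In real code `mkstemp(3)` is the usual choice, since it picks a random name and creates the file with the same exclusive-open semantics.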
