Date: 21 Aug 1999 11:42:43 -0000
From: venglin@lagoon.FreeBSD.lublin.pl
To: FreeBSD-gnats-submit@freebsd.org
Subject: bin/13286: [SECURITY] Potential IPXrouted(8) /tmp security problem
Message-ID: <19990821114243.31190.qmail@lagoon.FreeBSD.lublin.pl>

>Number: 13286
>Category: bin
>Synopsis: [SECURITY] Potential IPXrouted(8) /tmp security problem
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Aug 21 04:50:01 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator: Przemyslaw Frasunek
>Release: FreeBSD 3.2-STABLE i386
>Organization: Unia Lubelska High School
>Environment:

FreeBSD lagoon.FreeBSD.lublin.pl 3.2-STABLE FreeBSD 3.2-STABLE #0: Fri Aug 13 19:51:28 CEST 1999 venglin@lagoon.FreeBSD.lublin.pl:/var/obj/sys/compile/LAGOON i386

>Description:

An attacker can overwrite any file by creating a link to /tmp/ipxrouted.dmp

>How-To-Repeat:

$ ln -s /etc/master.passwd /tmp/ipxrouted.dmp

When root sends SIGINFO to the IPXrouted process, the file /etc/master.passwd is overwritten.

>Fix:

Use mkstemp() when opening the dump file.

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
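
The overwrite described in the report and the mkstemp() fix it proposes, as an added example that is not part of the original report or of IPXrouted's source. The fixed-name open() is an assumed stand-in for how the dump file was opened; the function names, the private scratch directory and the "victim" file are constructed for the demonstration.

```c
/* Added example, not IPXrouted source; names and the scratch layout are assumptions. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static int write_and_close(int fd, const char *data)
{
    if (fd < 0) return -1;
    int ok = write(fd, data, strlen(data)) == (ssize_t)strlen(data);
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* Unsafe pattern: fixed name in a shared directory; open() follows a planted symlink. */
static int dump_fixed_name(const char *path, const char *data)
{
    return write_and_close(open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600), data);
}

/* Fix named in the report: mkstemp() picks the name and creates it exclusively, so it never opens an existing link. */
static int dump_mkstemp(const char *dir, const char *data, char *out, size_t outlen)
{
    if (snprintf(out, outlen, "%s/ipxrouted.dmp.XXXXXX", dir) >= (int)outlen) return -1;
    return write_and_close(mkstemp(out), data);
}

/* Constructed scenario; "victim" stands in for a sensitive file. Returns its size after the dump, -1 on setup error. */
static long victim_size_after_dump(int use_mkstemp)
{
    char dir[] = "/tmp/dumpdemo.XXXXXX", victim[64], fixed[64], out[64] = "";
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(fixed, sizeof fixed, "%s/ipxrouted.dmp", dir);
    if (dump_fixed_name(victim, "important-data\n") || symlink(victim, fixed)) return -1;
    if (use_mkstemp) dump_mkstemp(dir, "routing table dump\n", out, sizeof out);
    else dump_fixed_name(fixed, "routing table dump\n");
    long size = stat(victim, &st) ? -1 : (long)st.st_size;
    unlink(out); unlink(fixed); unlink(victim); rmdir(dir);
    return size;
}

int main(void)
{
    return printf("fixed name: %ld bytes, mkstemp: %ld bytes\n", victim_size_after_dump(0), victim_size_after_dump(1)) < 0;
}
```

With the fixed name the victim file is truncated and replaced by the dump; with mkstemp() the planted link is never opened and the victim keeps its original contents.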