From owner-freebsd-bugs Sat Aug 21 4:50: 7 1999
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 14887150C6 for ; Sat, 21 Aug 1999 04:50:05 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id EAA69197; Sat, 21 Aug 1999 04:50:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: from mx1.lublin.pl (mx1.lublin.pl [212.182.63.76]) by hub.freebsd.org (Postfix) with ESMTP id 0BBE114FA3 for ; Sat, 21 Aug 1999 04:42:49 -0700 (PDT) (envelope-from venglin@lagoon.FreeBSD.lublin.pl)
Received: from lagoon.freebsd.lublin.pl ([212.182.117.180]:14610 "HELO lagoon.FreeBSD.lublin.pl") by krupik.man.lublin.pl with SMTP id ; Sat, 21 Aug 1999 13:41:02 +0200
Received: (qmail 31191 invoked by uid 1001); 21 Aug 1999 11:42:43 -0000
Message-Id: <19990821114243.31190.qmail@lagoon.FreeBSD.lublin.pl>
Date: 21 Aug 1999 11:42:43 -0000
From: venglin@lagoon.FreeBSD.lublin.pl
Reply-To: venglin@lagoon.FreeBSD.lublin.pl
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/13286: [SECURITY] Potential IPXrouted(8) /tmp security problem
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 13286
>Category: bin
>Synopsis: [SECURITY] Potential IPXrouted(8) /tmp security problem
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Aug 21 04:50:01 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator: Przemyslaw Frasunek
>Release: FreeBSD 3.2-STABLE i386
>Organization:
Unia Lubelska High School
>Environment:
FreeBSD lagoon.FreeBSD.lublin.pl 3.2-STABLE FreeBSD 3.2-STABLE #0: Fri Aug 13 19:51:28 CEST 1999 venglin@lagoon.FreeBSD.lublin.pl:/var/obj/sys/compile/LAGOON i386
>Description:
Attacker can overwrite any file by creating link to /tmp/ipxrouted.dmp
>How-To-Repeat:
$ ln -s /etc/master.passwd /tmp/ipxrouted.dmp

When root sends SIGINFO to IPXrouted process, file /etc/master.passwd is overwritten.
>Fix:
Use mkstemp() when opening dump file.
>Release-Note:
>Audit-Trail:
>Unformatted:
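
The fix proposed in the report, as an added C example (not IPXrouted source and not part of the original report): a dump routine that opens a fixed name beside one that uses mkstemp(), both run against a link planted inside a private scratch directory. The function names, the scratch paths, the sample data and the fopen() pattern in the first routine are assumptions.

```c
/* Added example, not IPXrouted source; names and paths are hypothetical. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#define VICTIM_DATA "important-data\n"      /* constructed stand-in content */
#define DUMP_DATA   "routing table dump\n"  /* constructed dump content */

/* Assumed vulnerable pattern: a fixed name opened with fopen("w"), which
 * follows a symlink and truncates whatever it points at. */
static int dump_fixed_name(const char *path)
{
    FILE *fp = fopen(path, "w");
    if (fp == NULL) return -1;
    fputs(DUMP_DATA, fp);
    return fclose(fp);
}

/* The report's fix: mkstemp() fills in XXXXXX with a unique name and opens
 * it with O_CREAT|O_EXCL, so a pre-existing file or link is never followed. */
static int dump_mkstemp(char *tmpl)
{
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    ssize_t n = write(fd, DUMP_DATA, strlen(DUMP_DATA));
    return (close(fd) == 0 && n == (ssize_t)strlen(DUMP_DATA)) ? 0 : -1;
}

/* In a private scratch dir, plant ipxrouted.dmp -> victim, run one dump
 * routine, and return 1 if victim is intact, 0 if overwritten, -1 on error. */
int victim_intact_after(int use_mkstemp)
{
    char dir[] = "/tmp/dumpdemo.XXXXXX", victim[64], lnk[64], tmpl[64];
    struct stat st; FILE *fp;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/ipxrouted.dmp", dir);
    snprintf(tmpl, sizeof tmpl, "%s/ipxrouted.XXXXXX", dir);
    if ((fp = fopen(victim, "w")) == NULL) return -1;
    fputs(VICTIM_DATA, fp); fclose(fp);
    if (symlink(victim, lnk) != 0) return -1;
    int rc = use_mkstemp ? dump_mkstemp(tmpl) : dump_fixed_name(lnk);
    int intact = (rc == 0 && stat(victim, &st) == 0)
        ? (st.st_size == (off_t)strlen(VICTIM_DATA)) : -1;
    unlink(tmpl); unlink(lnk); unlink(victim); rmdir(dir);
    return intact;
}
```

A caller that needs to tell the administrator where the dump went can log the name mkstemp() wrote back into the template buffer.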