lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 20 Jan 2004 14:48:31 -0000
From: Rene <l0om@...luded.org>
To: bugtraq@...urityfocus.com
Subject: [SuSE 9.0] possible symlink attacks in some scripts




Product: some scripts shipped with suse 9.0 
Date: 20.01.2004 
Author: l0om <l0om@...luded.org> 
 
greetings, 
i have done a litte reseach on a SuSE linux 9.0 box 
for possible symlink attacks. i have checked nearly 
every script i could found on the system. i havent 
found much and nothing very special.i dont have a 
clue if the following scripts are somewhere on the 
system executed but maybe someone useses them in a 
script or something like that. 
 
 
** 
/usr/X11R6/bin/fvwm-bug 
[...] 
TEMP=/tmp/fvwm-bug.$$ 
[...] 
cat > $TEMP <<EOF 
[...] 
 
** 
/usr/X11R6/bin/wm-oldmenu2new 
[...] 
T=/tmp/wmmenu$$ 
[...] 
cp $OLD_MENU $T-c 
[...] 
 
** 
/usr/X11R6/bin/x11perfcomp 
[...] 
tmp=${TMPDIR-/tmp}/rates.$$ 
mkdir $tmp || exit 1 
[...] 
mkdir $tmp/rates 
[...] 
-l)     cp $2 $tmp/labels 
[...] 
rm -rf $tmp 
[...] 
 
** 
/usr/X11R6/bin/xf86debug 
[...] 
gdb << EOF &> /tmp/xf86debug.1.log 
echo "Debugger output written to /tmp/
xf86debug.1.log." #thx for that info 
[...] 
 
** 
/opt/kde3/bin/winpopup-send.sh 
echo "$2" > /tmp/.winpopup-new 
echo `date +"%a %l:%m %p"` >> /tmp/.winpopup-new 
cat "$1" | tr "\000" "\012" >> /tmp/.winpopup-new 
mv -f /tmp/.winpopup-new /tmp/.winpopup 
 
** 
/sbin/lvmcreate_initrd 
[...] 
DEVRAM=/tmp/initrd.$$ 
[...] 
verbose "using $DEVRAM as a temporary loopback file" 
#thx for that info 
dd if=/dev/zero of=$DEVRAM count=$INITRDSIZE bs=1024 
> /dev/null 2>&1 
[...] 
 
**********  greets @ proxy, takt, maximilian, sirius, 
dna, fe2k, xnet, zexl 
		     	   rest of excluded.org 
		     nofx, rancid, bad religion, less 
than jake ... 
			www.excluded.org  --l0om 
		     		have Phun!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ