| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20120119000702.GA19814@suckless.org> Date: Thu, 19 Jan 2012 01:07:02 +0100 From: srm <srm@...kless.org> To: full-disclosure@...ts.grok.org.uk Subject: usb_modeswitch/pppd -detach morrn, Impact ====== Low Summary ======= When using usb_modeswitch and invoking pppd from wvdial in -detach mode. a /tmp/debug file is created. Local Attacker could overwrite arbitrary files. Example ======= ,file /tmp/debug debug: broken symbolic link to `/etc/nologin' Insert stick and connect: ,su Password: ,sh connect >/dev/null ,file debug debug: symbolic link to `/etc/nologin' ,cd /etc && cat nologin symlink-name: /devices/pci0000:00/0000:00:1a.7/usb1/1-3/1-3:1.0/ttyUSB0/tty ,ls -l nologin -rw-r--r-- 1 root root 84 Jan 19 01:11 nologin Software ======== archlinux: community/usb_modeswitch 1.2.1-1c archlinux: core/ppp 2.4.5-3 (base) Please verify. YMMV. Greetings srm _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists