Slackware Linux 3.4 - 'makebootdisk' Temporary File
| EKU-ID: 24707 | CVE: OSVDB-82888 | OSVDB-ID: |
| Author: neonhaze | Published: 1998-04-06 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 24707 | CVE: OSVDB-82888 | OSVDB-ID: |
| Author: neonhaze | Published: 1998-04-06 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/78/info makebootdisk creates the file /tmp/return insecurely and follows symbolic links. An attacker can create a symbolic link from /tmp/return to any file and wait for root to run the program. This will clober the target file. The file created has permissions -rw-r--r--. $ ln -s /tmp/return /etc/passwd < wait for root to run makebootdisk >