Slackware Linux 3.4 - 'netconfig' Temporary File
| EKU-ID: 24709 | CVE: OSVDB-82887 | OSVDB-ID: |
| Author: neonhaze | Published: 1998-04-06 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 24709 | CVE: OSVDB-82887 | OSVDB-ID: |
| Author: neonhaze | Published: 1998-04-06 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/81/info netconfig creates the file /tmp/tmpmsg insecurely and follows symbolic links. An attacker can create a symbolic link from /tmp/tmpmsg to any file and wait for root to run the program. This will clober the target file. The file created has permissions -rw-r--r--. $ ln -s /tmp/tmpmsg /etc/passwd < wait for root to run netconfig >