[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    [SuSE 9.0] possible symlink attacks in some scripts
From:       Rene <l0om () excluded ! org>
Date:       2004-01-20 14:48:31
Message-ID: 20040120144831.20451.qmail () www ! securityfocus ! com
[Download RAW message or body]



Product: some scripts shipped with suse 9.0 
Date: 20.01.2004 
Author: l0om <l0om@excluded.org> 
 
greetings, 
i have done a litte reseach on a SuSE linux 9.0 box 
for possible symlink attacks. i have checked nearly 
every script i could found on the system. i havent 
found much and nothing very special.i dont have a 
clue if the following scripts are somewhere on the 
system executed but maybe someone useses them in a 
script or something like that. 
 
 
** 
/usr/X11R6/bin/fvwm-bug 
[...] 
TEMP=/tmp/fvwm-bug.$$ 
[...] 
cat > $TEMP <<EOF 
[...] 
 
** 
/usr/X11R6/bin/wm-oldmenu2new 
[...] 
T=/tmp/wmmenu$$ 
[...] 
cp $OLD_MENU $T-c 
[...] 
 
** 
/usr/X11R6/bin/x11perfcomp 
[...] 
tmp=${TMPDIR-/tmp}/rates.$$ 
mkdir $tmp || exit 1 
[...] 
mkdir $tmp/rates 
[...] 
-l)     cp $2 $tmp/labels 
[...] 
rm -rf $tmp 
[...] 
 
** 
/usr/X11R6/bin/xf86debug 
[...] 
gdb << EOF &> /tmp/xf86debug.1.log 
echo "Debugger output written to /tmp/
xf86debug.1.log." #thx for that info 
[...] 
 
** 
/opt/kde3/bin/winpopup-send.sh 
echo "$2" > /tmp/.winpopup-new 
echo `date +"%a %l:%m %p"` >> /tmp/.winpopup-new 
cat "$1" | tr "\000" "\012" >> /tmp/.winpopup-new 
mv -f /tmp/.winpopup-new /tmp/.winpopup 
 
** 
/sbin/lvmcreate_initrd 
[...] 
DEVRAM=/tmp/initrd.$$ 
[...] 
verbose "using $DEVRAM as a temporary loopback file" 
#thx for that info 
dd if=/dev/zero of=$DEVRAM count=$INITRDSIZE bs=1024 
> /dev/null 2>&1 
[...] 
 
**********  greets @ proxy, takt, maximilian, sirius, 
dna, fe2k, xnet, zexl 
		     	   rest of excluded.org 
		     nofx, rancid, bad religion, less 
than jake ... 
			www.excluded.org  --l0om 
		     		have Phun! 
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic