Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Flying.txt

🗓️ 10 Mar 2000 00:00:00Reported by Grampa EliteType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 24 Views

Vulnerability allows any user to read files, exposing sensitive data in a game program.

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`  
Vulnerability: Any user can read any file in the system.  
title=Flying rev. 6.20  
author=Helmut Hoenig  
system=tested on Redhat 5.2, possibly others  
[email protected] (Grampa Elite)  
  
Overview: Flying is a X-Windows program I have found installed on Redhat   
5.2 that is actually a gateway for multiple games that Helmut wrote. All of  
these games unfortunatly write to /tmp/logfile.txt . Basicly all that you  
have to do is symlink logfile.txt to say /var/log/messages, and as soon as  
root runs his silly little game it overwrites logfile.txt with the file you  
symlinked it to, also it becomes owned by root and the symlink is turned  
off. The big but is that the read bit is left on allowing you to read the  
tmp file. Do I have anything better to do than find stupid tmp file holes  
in mostly unused games? No not really.  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
10 Mar 2000 00:00Current
7.4High risk
Vulners AI Score7.4
vulnerability file accessx-windows programredhat systemsymlink exploitlogfile overwrite
24
.json
Report