Reporter Packet Storm
[ http://www.rootshell.com/ ]
From firstname.lastname@example.org Fri Jul 17 12:47:17 1998
Date: Fri, 17 Jul 1998 19:52:31 +0700 (NOVST)
From: Oleg Safiullin <email@example.com>
Subject: wide-dhcp security hole
Bug found in OpenBSD port of wide-dhcp /created by me :-)/.
WIDE DHCP server creates /tmp/addrpool_dump without checking if this file
already exists, so any user can overwrite any file doing something like this:
ln -s /etc/master.passwd /tmp/addrpool_dump
This bug already fixed in OpenBSD ports tree. The author of wide-dhcp is
If you are currently using wide dhcp, you can fix this error by adding
unlink(ADDRPOOL_DUMP) before fopen(ADDRPOOL_DUMP, "w+") in files
Sorry for patchless message - I've made this fix only over patched sources for
OpenBSD. And of course, sorry for my poor English :)
* FORTRAN: God is real, unless declared integer...