Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

cvsupd-startup.txt

🗓️ 12 Nov 2002 00:00:00Reported by Joshua GoodallType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 29 Views

Potential security risk in cvsupd.sh due to symlink attack on fixed-name output file.

Code
`  
Hi,  
  
Better not to file a PR for this, I feel.  
  
I was just passing by net/cvsup-mirror/files/cvsupd.sh when I noticed that  
it appends to the fixed-name file /var/tmp/cvsupd.out  
  
Therefore if I were a malicious user, I could make a symlink of that  
name in /var/tmp to effect arbitrary file corruption. If  
I was really clever, I might point it at /root/.ssh/authorized_keys and  
use secondary means to get cvsupd's output to include my public key.  
  
Consider changing it to /var/log/cvsupd.out ?  
  
Regards,  
Joshua.  
  
--   
Joshua Goodall  
[email protected] "Your byte hit ratio is weak, old man"  
"If you cache me now, I will dump more core than you can possibly imagine"  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
12 Nov 2002 00:00Current
cvsupd.sh symlink attack fixed-name file authorized keys output file corruption
29