Serious security flaw in SuSE rctab

Hi @ll, it seems that the problem described below has not been discussed on Bugtraq. Problem description ------------------- Due to a various race conditions in the init level editing script /sbin/rctab it is possible for any local user to overwrite any system's file with arbitrary data. This may...

CVE-2000-1134

Multiple shell programs on various Unix systems, including 1 tcsh, 2 csh, 3 sh, and 4 bash, follow symlinks when processing redirects aka here-documents or in-here documents, which allows local users to overwrite files of other users via a symlink attack...

CVE-2000-1162

ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack...

CVE-2000-1178

Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes...

CVE-2000-1137

GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack...

PT-2001-1011 · Joe · Joe

Name of the Vulnerable Software and Affected Versions: joe affected versions not specified Description: The issue allows local users to overwrite the files of other users whose joe session crashes, due to the joe text editor following symbolic links when creating a rescue copy called DEADJOE duri...

tar-symlink.txt

Title : GNU tar Tape ARchive symlinkvulnerability Author : Marco van Berkum Organisation : OBIT b.v. URL : http://www.obit.nl Email : [email protected] Date : 06-01-2001 The usefull program tar Tape ARchive is used by all UNIX, Linux and BSD versions around and is used to ARCHIVE files to disk o...

Advisory: exmh symlink vulnerability

Author: Stan Bubrouski [email protected] Date: December 31, 2000 Package: exmh Versions affected: 2.2 and probably previous versions. Severity: A malicious local user could use a symlink attack to overwrite any file writable by the user executing exmh. Problem: When exmh detects a problem at start...

CVE-2000-0934

Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack...

CVE-2000-0935

Samba Web Administration Tool SWAT in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file...

CVE-2000-0992

Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. dot dot attack...

STM symlink Vulnerability

Support Tool Manager Symlink Vulnerability From the STM manual page : The Support Tools Manager STM provides three interfaces that allow a user access to an underlying toolset, consisting of information modules, firmware update tools, verifiers, diagnostics, exercisers, expert tools, and utilitie...

University of Washington Pico 3.x4.x - File Overwrite

University of Washington Pico 3.x4.x - File Overwrite source: https://www.securityfocus.com/bid/2097/info A vulnerability exists in several versions of University of Washington's Pico, a widely-distributed text editor shipped with most versions of Linux / Unix. Under very specific circumstances, ...

University of Washington Pico 3.x/4.x - File Overwrite

source: https://www.securityfocus.com/bid/2097/info A vulnerability exists in several versions of University of Washington's Pico, a widely-distributed text editor shipped with most versions of Linux / Unix. Under very specific circumstances, it is possible to cause this version of Pico to...

FreeBSD-SA-00:76.tcsh-csh

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:76 Security Advisory FreeBSD, Inc. Topic: tcsh/csh creates insecure temporary file Category: core, ports Module: tcsh, 44bsd-csh Announced: 2000-11-20 Affects: FreeBSD...

HP-UX 11.00/10.20 crontab - Overwrite Files

!/bin/sh HP-UX 11.00/10.20 crontab Kyong-won,Cho [email protected] Usage : ./crontab.sh if -z "$1" then echo "Usage : $0 " exit fi cat /tmp/crontabexp !/bin/sh ln -sf $1 $1 EOF chmod 755 /tmp/crontabexp EDITOR=/tmp/crontabexp export EDITOR crontab -e 2 /tmp/crontab$$ grep -v "error on previous...

Slackware Linux /usr/bin/ppp-off Insecure /tmp Call Exploit

Exploit for linux platform in category dos / poc =========================================================== Slackware Linux /usr/bin/ppp-off Insecure /tmp Call Exploit =========================================================== !/bin/sh In SlackWare Linux the script /usr/bin/ppp-off writes the...

Samba 2.0.7 - SWAT Symlink (2)

source: https://www.securityfocus.com/bid/1872/info The Samba software suite is a collection of programs that implements the SMB protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred to as the LanManager ...

Уязвимость в Oracle Listener

Используя команды SET TRCFILE или SET LOGFILE пользователь может перезаписать любой файл своими данными...

CVE-2000-0715

DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file...