expect to get hacked

2001-06-13T00:00:00
ID SECURITYVULNS:DOC:1710
Type securityvulns
Reporter Securityvulns
Modified 2001-06-13T00:00:00

Description

====================== expect to get hacked ======================

After looking at a recent discussion on vuln-dev, I decided that this might as well be released again. Makes the process of exploiting expect a little

rpm -qf `which expect`

expect-5.31-46

Under Redhat 7.0 expect uses the wrong path for search for its libs, one of the paths including a /var/tmp/ component.

This means any user can specify code to be executed by anyone else on the system who makes use of the expect binary.

Seems like one of the worst posible wrong paths you could have.

There is a fix for this. Somewhere.

http://www.securityfocus.com/archive/1/176257

--zen-parse