Bugtraq mailing list archives

Re: [SECURITY VULNERABILITY] lmgrd startup script

From: mharrigan () cisco com (Matthew G. Harrigan)
Date: Fri, 9 Aug 1996 14:13:50 -0700


At 12:45 PM 8/9/96 -0500, you wrote:

Look at how lmgrd is started through /etc/rc2.d/S85lmgrd:

               $licdir/${lmgrd} -c $licdir/$licfile >> /tmp/license_log 2>&1 &


The system is vulnerable to attacks that link /tmp/license_log to some
non-existent system file such as /.rhosts making it world writable the next
time the machine is rebooted.


Actually, it would make any file vulnerable, even if it existed since the
rc command appends and does not create (>>).

Matt

 Matthew G. Harrigan            |cisco Systems
 Internet Systems Engineer      |mharrigan () cisco com
 -------------------------------|408-527-3852 (x63582)
"640K ought to be enough for    |Email Pager:
 anybody. " - Bill Gates, 1981  |mharrigan () airnote net

Current thread:

Re: [SECURITY VULNERABILITY] lmgrd startup script Matthew G. Harrigan (Aug 09)
- <Possible follow-ups>
- Re: [SECURITY VULNERABILITY] lmgrd startup script David Evans (Aug 09)