Bugtraq mailing list archives

symlink bug in tin/rtin

From: nr () C64 ORG (NetRunner)
Date: Sat, 29 Mar 1997 17:45:24 +0100


Small bug I discovered in the unix NEWS reader tin/rin.

Then a user run rtin/tin a user-list will be created in /tmp/.tin_log
with mode 0666. and if a user makes a symlink from /etc/passwd (or any
file) to /tmp/.tin_log and root or another user with uid 0 runs rtin/tin,
tin will follow the symlink to /etc/passwd and change the mode to 0666.

I hope no admin's are stupid enough to run rtin/tin as uid 0. :-)

/NetRunner
nr () c64 org

Current thread:

buffer over in hp-ux 10.20 kernel C0WZ1LL4 () NETSPACE ORG (Mar 21)
- Re: New Sendmail bug Jeffrey Moyer (Mar 24)
  - Re: New Sendmail bug Gonzo Granzeau (Mar 24)
    - Re: New Sendmail bug Claude Scarpelli (Mar 25)
    - Latest IE FIX from MS is a HOAX Aaron Spangler (Mar 25)
    - Re: Latest IE FIX from MS is a HOAX Michael H. Warfield (Mar 25)
    - ANNOUNCE : NTCrack v1.0 Jonathan Wilkins (Mar 27)
    - There are more loopholes in LPD Patrick Powell (Mar 28)
    - symlink bug in tin/rtin NetRunner (Mar 29)
    - Re: symlink bug in tin/rtin Nelson Murilo (Mar 29)
    - ANNOUNCE : NTCrack v2.0 Jonathan Wilkins (Mar 29)
    - more sendmail poop *Hobbit* (Mar 25)
    - Reported Sendmail 8.8.4 Exploit gshapiro () SENDMAIL ORG (Mar 25)
    - minor vulnerability in ELM Dmitry E. Kim (Mar 26)
    - FreeBSD-SA-97:02: Buffer overflow in lpd Aleph One (Mar 26)
  - Cisco 2509/2511 Albert Siersema (Mar 24)
    - Re: Cisco 2509/2511 Dan Brown (Mar 24)
    - Re: Cisco 2509/2511 Erdinc KAYA (Mar 24)
- Re: your mail Stefan Laudat (Mar 24)

(Thread continues...)