Bugtraq mailing list archives
Re: AfterStep asfsm tmp hole
From: kris () SNOW UTORONTO CA (Kristofer Coward)
Date: Tue, 25 Aug 1998 12:40:28 -0400
> > The disk usage monitor that comes with AfterStep (asfsm) overwrites /usr/tmp/statfs regularly as whoever launched it, allowing the typical symlink crap we've come to expect, including a possible DoS if run as root.
>
> Which version? Have you contacted the developers first?!
1.4.x (haven't checked 1.0, or 1.5pre). I posted to the as list before writing here, that post also told them that it would be posted here. It's a small enough bell/whistle that most of the world should be able to live without it until it's patched (not that that should take long).

Kris Coward
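The class of bug reported above comes from opening a fixed, predictable name in a shared directory. The following is an added example, not code from the post or from AfterStep: one common way to write such a status file so that a pre-planted symlink is never followed. The function names and the scratch directory are hypothetical, and the target directory is assumed to be writable only by the calling user.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Replace dir/name with data without ever opening dir/name itself.
 * Assumption: dir is private to the caller (mode 0700). Returns 0 or -1. */
int write_status(const char *dir, const char *name, const char *data)
{
    char tmp[512], dst[512];
    size_t len = strlen(data);
    if (snprintf(tmp, sizeof tmp, "%s/.%s.XXXXXX", dir, name) >= (int)sizeof tmp)
        return -1;
    snprintf(dst, sizeof dst, "%s/%s", dir, name);
    int fd = mkstemp(tmp);          /* O_CREAT|O_EXCL, mode 0600, fresh name */
    if (fd < 0) return -1;
    int ok = write(fd, data, len) == (ssize_t)len;
    if (close(fd) != 0) ok = 0;
    /* rename() swaps the directory entry; a symlink at dst is not followed */
    if (!ok || rename(tmp, dst) != 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

/* Constructed scenario: dir/statfs already exists as a symlink to dir/victim.
 * Returns 1 if victim is untouched and statfs became a regular file,
 * 0 if not, -1 if the scenario could not be set up. */
int planted_symlink_is_harmless(void)
{
    char dir[] = "/tmp/asfsm-demo.XXXXXX", victim[512], lnk[512], buf[16] = "";
    struct stat st;
    if (!mkdtemp(dir)) return -1;   /* scratch directory, created mode 0700 */
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/statfs", dir);
    FILE *f = fopen(victim, "w");
    if (!f || fputs("precious", f) < 0 || fclose(f) != 0 || symlink(victim, lnk) != 0)
        return -1;
    if (write_status(dir, "statfs", "42% used\n") != 0) return -1;
    f = fopen(victim, "r");
    int intact = f && fgets(buf, sizeof buf, f) && strcmp(buf, "precious") == 0;
    if (f) fclose(f);
    int regular = lstat(lnk, &st) == 0 && S_ISREG(st.st_mode);
    unlink(victim); unlink(lnk); rmdir(dir);
    return intact && regular;
}

int main(void) { return planted_symlink_is_harmless() == 1 ? 0 : 1; }
```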