Bugtraq mailing list archives
Security flaw in Accelerated-X 4.1
From: ninja () MS54 PROTV RO (Stefan Laudat)
Date: Mon, 8 Jun 1998 17:31:36 +0300
Hello, I don't know if this was posted before, please accept my appologies if so. Seems like the guys at XiG forgot the meaning of /tmp security ... The main problem is that the Install program of the AcceleratedX package logs all in a file named /tmp/Install.log. So, every user knowing that Mr ReWT is going to install this X server on his box can overwrite any file on the system. The procedure is very simple: ln -s /etc/shadow /tmp/Install.log Oh, some of you may tell me : "What if AcceleratedX is already installed?". There is also an Uninstall.log =-> I think the /tmp/Xaccel.ini is also the temporary file for new configurations, so wait for the root to change something and KAB00M! :)) I am too lazy to cc this to the guys at XiG so please do it if you want. --- Stefan Laudat aka Ninja pager: 2233789 / 4105 ninja () protv ro IRC = Ninja || SSL || Kayden http://www.cpc.pub.ro/~ssl -------------------------------- "Use."
Current thread:
- CISCO PIX Vulnerability Damir Rajnovic (Jun 03)
- Re: CISCO PIX Vulnerability Rick Smith (Jun 10)
- <Possible follow-ups>
- Re: CISCO PIX Vulnerability David Wagner (Jun 03)
- Re: CISCO PIX Vulnerability Damir Rajnovic (Jun 03)
- FreeBSD Security Advisory: FreeBSD-SA-98:05.nfs Aleph One (Jun 04)
- Re: FreeBSD Security Advisory: FreeBSD-SA-98:05.nfs matthew green (Jun 04)
- Huge security hole in SDRC IDEAS MS6 cad system. Sven-Ove Westberg (Jun 05)
- Security flaw in Accelerated-X 4.1 Stefan Laudat (Jun 08)
- Re: CISCO PIX Vulnerability Damir Rajnovic (Jun 05)
- Re: CISCO PIX Vulnerability Jamie Thain (Jun 20)