Bugtraq mailing list archives
Advisory: popauth
From: Paul Starzetz <paul () starzetz de>
Date: Mon, 17 Dec 2001 23:53:18 +0100
Hi,

there is a symlink problem in the popauth utility, which is part of the qpopper package. The binary is often installed suid pop and follows symlinks in the -trace file option. This problem has been reported to vendors in June 2001.

Impact: in case of suid popauth and valid shell for user pop, the attached script will create a suid-pop shell, if someone su's to pop. This may happen as a part of some automated check script (startup script).

This vulnerability is not very crucial, however it should be reported at least once.

/ih
Attachment: mkbs2.sh
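As an added example (not part of the original post and not qpopper's code), this is one way a setuid program can open a user-supplied trace file without following a symlink: do the open with the caller's uid, pass O_NOFOLLOW, and fstat the descriptor that was actually opened. The names open_trace_file and demo_symlink_refused are hypothetical, and the ELOOP check assumes Linux.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (assumes Linux): fd for appending, or -1 with errno set. */
int open_trace_file(const char *path)
{
    uid_t saved = geteuid();
    struct stat st;
    int fd, err;
    /* Open with the invoking user's rights, not the setuid owner's. */
    if (seteuid(getuid()) != 0)
        return -1;
    /* O_NOFOLLOW: fail with ELOOP if the final path component is a symlink. */
    fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    err = errno;
    if (seteuid(saved) != 0) { if (fd >= 0) close(fd); return -1; }
    if (fd < 0) { errno = err; return -1; }
    /* Check the object actually opened: regular file, no extra hard links. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed self-check: 1 if a symlinked trace path is refused, a plain one accepted. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/traceXXXXXX", target[64], lnk[64], plain[64];
    int fd, refused, accepted;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/trace.lnk", dir);
    snprintf(plain, sizeof plain, "%s/trace.log", dir);
    if (symlink(target, lnk) != 0) return -1;
    fd = open_trace_file(lnk);
    /* The symlink target must not have been created by the refused open. */
    refused = (fd < 0 && errno == ELOOP && access(target, F_OK) != 0);
    fd = open_trace_file(plain);
    accepted = (fd >= 0);
    if (fd >= 0) close(fd);
    unlink(lnk); unlink(plain); rmdir(dir);
    return refused && accepted;
}
int main(void) { return demo_symlink_refused() == 1 ? 0 : 1; }
```

O_NOFOLLOW only covers the last path component; switching to the caller's uid for the open is what keeps symlinks in parent directories from reaching files only the setuid owner can write.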