Bugtraq mailing list archives
Re: [ Hackerslab bug_paper ] HP-UX SNMP daemon vulnerability
From: chris_calabrese () YAHOO COM (Chris Calabrese)
Date: Thu, 8 Jun 2000 12:20:09 -0700
1. The creation of temporary file of SNMP daemonAs far as I can tell, the worst thing you can do with this is modify the log entries. Not a good thing, but not like you can become root or anything. Of course, even if the file permissions problem were fixed, I'm guessing the thing would still follow sym-links, re-use existing files owned by other users, etc.
Hmm, that doesn't scan quite right. Let me clarify myself... The fact that the file is world-writable doesn't present a root compromise. The fact that the file uses a fixed name in a world writable directory does cause a problem unless code is put in place to make sure the thing won't follow symbolic links or overwrite existing files of the same name owned by other users. In particular, if the code follows sym-links (I'm guessing it does,though I haven't tested this theory), there are obvious root compromises. I'll stick by my previous statement that the "right" way to do this is log to syslog. __________________________________________________ Do You Yahoo!? Yahoo! Photos -- now, 100 FREE prints! http://photos.yahoo.com
Current thread:
- [ Hackerslab bug_paper ] HP-UX SNMP daemon vulnerability loveyou () DOGFOOT HACKERSLAB ORG (Jun 06)
- <Possible follow-ups>
- Re: [ Hackerslab bug_paper ] HP-UX SNMP daemon vulnerability Chris Calabrese (Jun 08)
- Re: [ Hackerslab bug_paper ] HP-UX SNMP daemon vulnerability Chris Calabrese (Jun 08)