Home page logo

bugtraq logo Bugtraq mailing list archives

Security flaw in Accelerated-X 4.1
From: ninja () MS54 PROTV RO (Stefan Laudat)
Date: Mon, 8 Jun 1998 17:31:36 +0300


I don't know if this was posted before, please accept my appologies if so.
  Seems like the guys at XiG forgot the meaning of /tmp security ...
  The main problem is that the Install program of the AcceleratedX package
logs all in a file named /tmp/Install.log. So, every user knowing that
Mr ReWT is going to install this X server on his box can overwrite any
file on the system.
  The procedure is very simple: ln -s /etc/shadow /tmp/Install.log
  Oh, some of you may tell me : "What if AcceleratedX is already
installed?". There is also an Uninstall.log =->
  I think the /tmp/Xaccel.ini is also the temporary file for new
configurations, so wait for the root to change something and KAB00M! :))
  I am too lazy to cc this to the guys at XiG so please do it if you want.


Stefan Laudat aka Ninja
pager: 2233789 / 4105
ninja () protv ro
IRC = Ninja || SSL || Kayden

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]