Home page logo

bugtraq logo Bugtraq mailing list archives

Re: smbd remote file creation vulnerability
From: Michal Zalewski <lcamtuf () bos bindview com>
Date: Wed, 27 Jun 2001 18:48:18 -0400 (EDT)

On Wed, 27 Jun 2001, Wichert Akkerman wrote:

Linux kernels with openwall patch (with restricted links in /tmp) are
imunne to this type of attack (following symlinks does not work, link
owner does not match with file's owner).

If symlink don't work you can still use a hardlink though.

Another thing you can do is creating a symlink pointing to non-existing
file. You can create new boot script, configuration files like
ld.so.preload or whatever you want.

Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]