Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: XBoard < 4.2.7: pxboard insecure tmp file handling

XBoard < 4.2.7: pxboard insecure tmp file handling

From: Martin Mačok <martin.macok_at_underground.cz>
Date: Wed, 3 Dec 2003 08:22:22 +0100

About XBoard:

XBoard is a graphical chessboard that can serve as a user interface
to chess engines (such as GNU Chess), the Internet Chess Servers,
electronic mail correspondence chess, or your own collection of
saved games. pxboard is a script that saves its standard input to
a temporary file and invokes "xboard -loadGameFile file &" on the
file. pxboard is a part of XBoard package. It is not used by default,
only when explicitely called.

More info: http://www.tim-mann.org/xboard.html

The BUG:

pxboard in XBoard 4.2.6 and older creates/writes to a file with
a predictable filename in /tmp directory. In a multiuser environment
malicious user could use this vulnerability to force pxboard user to
overwrite any file she has write access to.

The fix:

1) Upgrade to XBoard 4.2.7

OR

2) Replace pxboard script with the following one:

#!/bin/sh
tmp=`mktemp "${TMPDIR:-/tmp}/pxboard.$$.XXXXXX"` || exit 1
cat > "$tmp"
( xboard -ncp -lgf "$tmp" "$@" ; rm "$tmp" ) & 

-- 
         Martin Mačok                 http://underground.cz/
   martin.macok@underground.cz        http://Xtrmntr.org/ORBman/
Received on Dec 03 2003
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]