Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: usb_modeswitch/pppd -detach
From: Valdis.Kletnieks () vt edu
Date: Sat, 21 Jan 2012 21:49:07 -0500

On Sat, 21 Jan 2012 23:14:27 +0100, srm said:

A possible quick fix could be to append $$:
66:             echo "symlink-name: $2" >/tmp/debug.$$

Note that $$ is semi-predictable, so it's still easily exploitable (look at your
own process ID, make symlinks for the next 100 or so values of $$, and then
launch the exploit as before.

'man 1 mktemp' for a better solution for shell files.

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault