Bugtraq mailing list archives

Re: smbd remote file creation vulnerability

From: Tomek Lipski <Tomek.Lipski () ecl pl>
Date: Tue, 26 Jun 2001 07:31:32 +0200 (CEST)

On Mon, 25 Jun 2001, Pavol Luptak wrote:

Linux kernels with openwall patch (with restricted links in /tmp) are
imunne to this type of attack (following symlinks does not work, link
owner does not match with file's owner).

I dont know how openwall patch works but symlinks can be put anywhere ( ~/
for example..) to make this exploit work... [this is just a theory. havent
tested that ;)]

--
Tomek Lipski
email: [ Tomek.Lipski () ecl pl ] gsm: [ +48 606 787 423 ]
Eclipse ISP http://www.ecl.pl/
Czestochowa Al. NMP 31 tel. 034 3665011

Current thread:

smbd remote file creation vulnerability Michal Zalewski (Jun 24)
- Re: smbd remote file creation vulnerability maniac (Jun 25)
  - Re: smbd remote file creation vulnerability Pavol Luptak (Jun 25)
    - Re: smbd remote file creation vulnerability Jarno Huuskonen (Jun 26)
    - Re: smbd remote file creation vulnerability Pavol Luptak (Jun 26)
    - Re: smbd remote file creation vulnerability Simple Nomad (Jun 27)
    - Re: smbd remote file creation vulnerability Olaf Kirch (Jun 28)
    - Re: smbd remote file creation vulnerability Simple Nomad (Jun 28)
    - Re: smbd remote file creation vulnerability Tomek Lipski (Jun 26)
    - Re: smbd remote file creation vulnerability Wichert Akkerman (Jun 27)
    - Re: smbd remote file creation vulnerability Michal Zalewski (Jun 28)
    - Re: smbd remote file creation vulnerability Steve Beattie (Jun 28)
    - Re: smbd remote file creation vulnerability Phil Stracchino (Jun 28)
    - Re: smbd remote file creation vulnerability Joachim Blaabjerg (Jun 27)
    - Re: smbd remote file creation vulnerability Michal Zalewski (Jun 28)
    - Re: smbd remote file creation vulnerability sarnold (Jun 28)
- Re: smbd remote file creation vulnerability Fatal Connect (Jun 25)
  - Re: smbd remote file creation vulnerability Joseph Nicholas Yarbrough (Jun 26)