Date: 20 Jan 2004 14:48:31 -0000
From: Rene <l0om@excluded.org>
To: bugtraq@securityfocus.com
Subject: [SuSE 9.0] possible symlink attacks in some scripts
Product: some scripts shipped with suse 9.0
Date: 20.01.2004
Author: l0om <l0om@excluded.org>
greetings,
i have done a litte reseach on a SuSE linux 9.0 box
for possible symlink attacks. i have checked nearly
every script i could found on the system. i havent
found much and nothing very special.i dont have a
clue if the following scripts are somewhere on the
system executed but maybe someone useses them in a
script or something like that.
**
/usr/X11R6/bin/fvwm-bug
[...]
TEMP=/tmp/fvwm-bug.$$
[...]
cat > $TEMP <<EOF
[...]
**
/usr/X11R6/bin/wm-oldmenu2new
[...]
T=/tmp/wmmenu$$
[...]
cp $OLD_MENU $T-c
[...]
**
/usr/X11R6/bin/x11perfcomp
[...]
tmp=${TMPDIR-/tmp}/rates.$$
mkdir $tmp || exit 1
[...]
mkdir $tmp/rates
[...]
-l) cp $2 $tmp/labels
[...]
rm -rf $tmp
[...]
**
/usr/X11R6/bin/xf86debug
[...]
gdb << EOF &> /tmp/xf86debug.1.log
echo "Debugger output written to /tmp/
xf86debug.1.log." #thx for that info
[...]
**
/opt/kde3/bin/winpopup-send.sh
echo "$2" > /tmp/.winpopup-new
echo `date +"%a %l:%m %p"` >> /tmp/.winpopup-new
cat "$1" | tr "\000" "\012" >> /tmp/.winpopup-new
mv -f /tmp/.winpopup-new /tmp/.winpopup
**
/sbin/lvmcreate_initrd
[...]
DEVRAM=/tmp/initrd.$$
[...]
verbose "using $DEVRAM as a temporary loopback file"
#thx for that info
dd if=/dev/zero of=$DEVRAM count=$INITRDSIZE bs=1024
> /dev/null 2>&1
[...]
********** greets @ proxy, takt, maximilian, sirius,
dna, fe2k, xnet, zexl
rest of excluded.org
nofx, rancid, bad religion, less
than jake ...
www.excluded.org --l0om
have Phun!
