Re: AfterStep asfsm tmp hole

From: Kristofer Coward (krisat_private)
Date: Tue Aug 25 1998 - 09:40:28 PDT


    > > The disk usage monitor that comes with AfterStep (asfsm) overwrites
    > > /usr/tmp/statfs regularly as whoever launched it, allowing the typical
    > > symlink crap we've come to expect, including a possible DoS if run as
    > > root.
    >
    > Which version?  Have you contacted the developers first?!
    
    1.4.x (haven't checked 1.0, or 1.5pre). I posted to the as list before
    writing here; that post also told them that it would be posted here. It's
    a small enough bell/whistle that most of the world should be able to live
    without it until it's patched (not that that should take long).
    
    Kris Coward
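
The report above concerns a fixed file name in a shared temporary directory being rewritten through whatever an existing symlink points at. As an added example (not AfterStep's code and not part of this thread), one common hardening in C is to keep the file in a directory only the user can write to, create it under an unpredictable name with `mkstemp()`, and `rename()` it into place. The helper name `write_state_file`, the private directory and the sample value are assumptions.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700 /* mkstemp(), lstat() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not AfterStep code: write `data` to `name` inside
 * `dir`, a directory writable only by the calling user. 0 on success. */
int write_state_file(const char *dir, const char *name, const char *data)
{
    char tmp[4096], dst[4096];
    struct stat st;
    size_t len = strlen(data);

    /* Refuse a directory that is a symlink, not ours, or writable by others. */
    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & (S_IWGRP | S_IWOTH)))
        return -1;
    if (snprintf(tmp, sizeof tmp, "%s/.%s.XXXXXX", dir, name) >= (int)sizeof tmp ||
        snprintf(dst, sizeof dst, "%s/%s", dir, name) >= (int)sizeof dst)
        return -1;

    /* mkstemp() creates the file exclusively (O_EXCL, mode 0600), so a link
     * planted at the temporary name makes it fail instead of being followed. */
    int fd = mkstemp(tmp);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, data, len);
    if (close(fd) != 0 || n != (ssize_t)len) {
        unlink(tmp);
        return -1;
    }
    /* rename() replaces the directory entry `dst` itself: if it is a symlink,
     * the link is replaced and the file it pointed at is left untouched. */
    if (rename(tmp, dst) != 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Usage: prog <private-dir>; writes a constructed sample value. */
    return argc == 2 ? -write_state_file(argv[1], "statfs", "sample\n") : 2;
}
```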
    


