Re: smbd remote file creation vulnerability

From: Michal Zalewski (lcamtufat_private)
Date: Wed Jun 27 2001 - 15:48:18 PDT

Next message: Phil Stracchino: "Re: smbd remote file creation vulnerability"

Previous message: Jass Seljamaa: "MacOS Personal Wed Sharing DoS"
In reply to: Wichert Akkerman: "Re: smbd remote file creation vulnerability"
Next in thread: Phil Stracchino: "Re: smbd remote file creation vulnerability"
Next in thread: Joachim Blaabjerg: "Re: smbd remote file creation vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 27 Jun 2001, Wichert Akkerman wrote:

>> Linux kernels with openwall patch (with restricted links in /tmp) are
>> imunne to this type of attack (following symlinks does not work, link
>> owner does not match with file's owner).
> 
> If symlink don't work you can still use a hardlink though.

Another thing you can do is creating a symlink pointing to non-existing
file. You can create new boot script, configuration files like
ld.so.preload or whatever you want.

-- 
_____________________________________________________
Michal Zalewski [lcamtufat_private] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=

Next message: Phil Stracchino: "Re: smbd remote file creation vulnerability"
Previous message: Jass Seljamaa: "MacOS Personal Wed Sharing DoS"
In reply to: Wichert Akkerman: "Re: smbd remote file creation vulnerability"
Next in thread: Phil Stracchino: "Re: smbd remote file creation vulnerability"
Next in thread: Joachim Blaabjerg: "Re: smbd remote file creation vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jun 28 2001 - 12:51:55 PDT