klprfax_filter symlink vulnerability

From: wang yuan (r0gueat_private)
Date: Thu Dec 13 2001 - 22:14:54 PST

    Hi, all!
    I'm sorry if this bug has been reported.
    klprfax_filter (kdeutils-2.2-2) is an application to make
    a printer that acts as a fax.
    When using klprfax_filter, it would create a temp
    file, /tmp/klprfax.filter, but the temporary file was not
    created safely; this vulnerability could be exploited to
    overwrite arbitrary files!
    Just tested on Red Hat 7.1.
    
    Cheers
    r0gue
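
The unsafe creation of a fixed-name file such as /tmp/klprfax.filter, shown next to two safer ways to create it. This is an added example, not code from klprfax_filter or from the original post. The page does not show how klprfax_filter opens the file, so open_fixed_unsafe is an assumed typical pattern, and all function names and scratch paths are hypothetical.

```c
#define _GNU_SOURCE 1 /* expose mkdtemp()/mkstemp() under strict -std= modes */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern (assumed, not quoted from klprfax_filter): a fixed name opened
 * without O_EXCL follows any symlink already present at that path. */
int open_fixed_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}
/* Hardened: O_CREAT|O_EXCL fails with EEXIST if anything, symlink included,
 * already exists at the path, so nothing behind a link is touched. */
int open_fixed_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}
/* Preferred: mkstemp() creates an unpredictable name atomically, mode 0600. */
int open_private_temp(const char *dir, char *out, size_t n) {
    if (snprintf(out, n, "%s/klprfax.XXXXXX", dir) >= (int)n) return -1;
    return mkstemp(out);
}
static long size_of(const char *p) {
    struct stat st;
    return stat(p, &st) == 0 ? (long)st.st_size : -1L;
}
/* Self-check in a private scratch directory (constructed paths). Returns 0 if
 * the exclusive open refuses the existing link and leaves the 6-byte file
 * intact, while the weak open then truncates that same file through the link. */
int selfcheck(void) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", target[64], fixed[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/protected", dir);
    snprintf(fixed, sizeof fixed, "%s/klprfax.filter", dir);
    int fd = open(target, O_WRONLY | O_CREAT, 0600), rc = 0;
    if (fd < 0 || write(fd, "keepme", 6) != 6) return -1;
    close(fd);
    if (symlink(target, fixed) != 0) return -1;
    fd = open_fixed_exclusive(fixed);
    if (fd >= 0 || errno != EEXIST || size_of(target) != 6) rc |= 1;
    if (fd >= 0) close(fd);
    fd = open_fixed_unsafe(fixed);
    if (fd < 0 || size_of(target) != 0) rc |= 2;
    if (fd >= 0) close(fd);
    unlink(fixed); unlink(target); rmdir(dir);
    return rc;
}
int main(void) { return selfcheck(); }
```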
    



    This archive was generated by hypermail 2b30 : Fri Dec 14 2001 - 09:34:21 PST