Re: xbreaky symlink vulnerability

From: Marco van Berkum (m.v.berkumat_private)
Date: Thu Sep 12 2002 - 12:02:25 PDT

    Josip Rodin wrote:
    
    > On Thu, Sep 12, 2002 at 06:28:14PM +0200, Marco van Berkum wrote:
    > > By default xbreaky is installed as suid and can be abused to overwrite any
    > > file on the filesystem, by any user.
    >
    > I used to maintain the Debian package of xbreaky, and it never had any
    > setuid bit set, especially not setuid root. So, to spell it out,
    > Debian is not vulnerable to this problem.
    
    Neither is NetBSD, so it seems.
    OpenBSD 3.0's tree installs it as suid, though. So does a source install, of course.
    
    Cheers,
    Marco van Berkum
    
    
    --
    find / -user your -name base -exec chown us:us {}\;
     ----------------------------------------
    |    Marco van Berkum / MB17300-RIPE     |
    | m.v.berkumat_private / http://ws.obit.nl |
     ----------------------------------------
    


