|
From: Laszlo K. <las...@su...> - 2002-08-16 20:09:51
|
Hello guys, I just received this I thought it might be important. Laszlo -------- Original Message -------- Subject: scrollkeeper bug report Date: Fri, 16 Aug 2002 17:40:00 +0200 (CEST) From: Spybreak <spy...@ho...> To: <las...@su...> Dear Mr. Kovacs, I'm writing you regarding your scrollkeeper. During light auditing, I've found that it follows sym-links during creation of the scrollkeeper-tempfile.* files in the /tmp directory. Due to it it is possible to compromise even the root account. I've tested the vulnerabiliti on RH 7.3. RH 7.3 has installed version 0.3.4, but it seems that even version 0.3.11 (latest as far as I know) is susceptible to this kind of attack. So it would be fine if you can release a patched version to sourceforge until monday, before I release a security advisory for the public. To patch it takes no more than 15 minutes, so there should be no problem. Keep on with your cool work. Spybreak |