Hello guys,
I just received this I thought it might be important.
Laszlo
-------- Original Message --------
Subject: scrollkeeper bug report
Date: Fri, 16 Aug 2002 17:40:00 +0200 (CEST)
From: Spybreak <spy...@ho...>
To: <las...@su...>
Dear Mr. Kovacs,
I'm writing you regarding your scrollkeeper.
During light auditing, I've found that it
follows sym-links during creation of the
scrollkeeper-tempfile.* files in the /tmp
directory.
Due to it it is possible to compromise even
the root account.
I've tested the vulnerabiliti on RH 7.3.
RH 7.3 has installed version 0.3.4, but it seems
that even version 0.3.11 (latest as far as I know)
is susceptible to this kind of attack.
So it would be fine if you can release a patched
version to sourceforge until monday, before I release
a security advisory for the public.
To patch it takes no more than 15 minutes,
so there should be no problem.
Keep on with your cool work.
Spybreak
|