Vulnerability in the game Flying rev 6.20 - read any file on the system. Tested on Redhat 5.2, possibly others.
2f209ee73c1f2ecdfdee22d466cc9f146a0c9334dbb5fa0ab383f0ba9d507844
Vulnerability: Any user can read any file in the system.
title=Flying rev. 6.20
author=Helmut Hoenig
system=tested on Redhat 5.2, possibly others
foundby=grandpae@nconnect.net (Grampa Elite)
Overview: Flying is a X-Windows program I have found installed on Redhat
5.2 that is actually a gateway for multiple games that Helmut wrote. All of
these games unfortunatly write to /tmp/logfile.txt . Basicly all that you
have to do is symlink logfile.txt to say /var/log/messages, and as soon as
root runs his silly little game it overwrites logfile.txt with the file you
symlinked it to, also it becomes owned by root and the symlink is turned
off. The big but is that the read bit is left on allowing you to read the
tmp file. Do I have anything better to do than find stupid tmp file holes
in mostly unused games? No not really.