exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

plaguez.advisory.007.admin-v1.2.vuln

plaguez.advisory.007.admin-v1.2.vuln
Posted Sep 23, 1999

plaguez.advisory.007.admin-v1.2.vuln

SHA-256 | 964b3f2c9443969fb6922e7ada3fd8577a27cdaeb2916af119476a21ef2a41cf

plaguez.advisory.007.admin-v1.2.vuln

Change Mirror Download

From dube0866@EUROBRETAGNE.FR Fri Aug 8 05:04:01 1997
Date: Sat, 1 Jan 1994 23:09:09 +0100
From: Nicolas Dubee <dube0866@EUROBRETAGNE.FR>
To: BUGTRAQ@NETSPACE.ORG

plaguez security advisory n. 7

admin-v1.2 vulnerabilities



Program: the admin-v1.2 package, a system administration
tool.

Version: current (v1.2)
older ones.

OS: verified on Linux, maybe others too.

Problem: temporary files / symlinks

Impact: any file on an affected system can be overwritten,
regardless of access permissions.




hello,

this week, I'll focus on a little sysadmin tool
called admin-v1.2 (found on Sunsite: system/Admin/),
and I'll show how several little vulnerabilities
can be exploited to trash any file on an affected
system.

as always, sorry if it's known stuff.

Description:
------------

Several vulnerabilities exist in the admin-v1.2 package,
an interactive system managment tool by Emmett Sauer and
Linux Business Systems.

By exploiting those vulnerabilities, local users can erase
arbitrary files on the system, regardless of access permissions.

admin-v1.2 does not properly handle temporary files. It writes
user menu choices and more to temporary files in the /tmp directory.
These files are named using the syntax /tmp/name.$$, some do
not even use the $$ suffix. Unfortunatly, admin-v1.2 does not
check if these files exist and will follow symlinks. It is then
possible to overwrite any file on the system.

An attacker could for example link any of these temporary files to
/etc/passwd or /.rhosts and wait for the administrator to use
admin-v1.2. The target file would be erased or trashed with
random data. It may also be possible to use admin-v1.2 to gain
root privileges, though I did not manage to do it.


Fix:
----

Remove the admin-v1.2 package.




well, that's it for this week. Next week, next hole ! :)




---------------------------
plaguez
dube0866@eurobretagne.fr
http://plaguez.insomnia.org
---------------------------
_Free_ security probes, Unix programming.

ps.: the above url courtesy of TheFloyd.
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close