Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Linux :: SUSE :: hack0947.htm

SuSE 9.0 possible symlink attacks in some scripts
[SuSE 9.0] possible symlink attacks in some scripts

Product: some scripts shipped with suse 9.0 

Date: 20.01.2004 

Author: l0om  



i have done a litte reseach on a SuSE linux 9.0 box 

for possible symlink attacks. i have checked nearly 

every script i could found on the system. i havent 

found much and nothing very special.i dont have a 

clue if the following scripts are somewhere on the 

system executed but maybe someone useses them in a 

script or something like that. 








cat > $TEMP < /tmp/xf86debug.1.log 

echo "Debugger output written to /tmp/

xf86debug.1.log." #thx for that info 





echo "$2" > /tmp/.winpopup-new 

echo `date +"%a %l:%m %p"` >> /tmp/.winpopup-new 

cat "$1" | tr "\000" "\012" >> /tmp/.winpopup-new 

mv -f /tmp/.winpopup-new /tmp/.winpopup 







verbose "using $DEVRAM as a temporary loopback file" 

#thx for that info 

dd if=/dev/zero of=$DEVRAM count=$INITRDSIZE bs=1024 

> /dev/null 2>&1 



**********  greets @ proxy, takt, maximilian, sirius, 

dna, fe2k, xnet, zexl 

		     	   rest of 

		     nofx, rancid, bad religion, less 

than jake ...  --l0om 

		     		have Phun! 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2020 AOH