Previous articleBack to news listNext article
|
Sponsored links |
Want to become one of our authors and see your work published on ALLSeek.iNFO ?
|
| XBoard Unsafe Temporary Files May Let Local Users Gain Elevated Privileges |
|---|
Categorie: Vulnerability
Posted: 2003-12-06 by ReCall
Views: 436
Source: Click here
| Current Rating: Not rated
|
|
| Details |
|---|
Description: A vulnerability was reported in the XBoard chessboard graphical interface in the 'pxboard' script. A local user may be able to gain elevated privileges
It is reported that pxboard creates temporary files in an unsafe manner in the '/tmp' directory. A local user can create a symbolic link (symlink) from a critical file on the system to a temporary file to be used by pxboard. Then, when pxboard is executed by a target user, the symlinked file will be created or overwritten with the privileges of the target user.
According to the report, pxboard is not used by default and is only used when explicitly called.
Impact: A local user can create or modify a file with the privileges of the user running XBoard.
Solution: A fixed version (4.2.7) is available at:
http://ftp.gnu.org/gnu/xboard/xboard-4.2.7.tar.gz
|
| Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=588
|
| User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
|
Previous articleBack to news listNext article
|
