
List:       bugtraq
Subject:    Re: klprfax_filter symlink vulnerability
From:       George Staikos <staikos () 0wned ! org>
Date:       2001-12-14 18:13:55

On Friday 14 December 2001 01:14, wang yuan wrote:
> Hi, all!
> I'm sorry if this bug has been reported.
> klprfax_filter (kdeutils-2.2-2) is an application to make
> a printer that acts as a fax.
> When using klprfax_filter, it would create a temp
> file, /tmp/klprfax.filter, but the temporary file was not
> created safely; this vulnerability could be exploited to
> overwrite arbitrary files!
> Just tested on Red Hat 7.1.

   This was announced by the KDE team on Nov 9.  The solution is to remove 
the suid bit from efax.  It seems to only need it for accessing the lock 
files and the modem.

-- 

George Staikos
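
The following is an added example, not part of the original messages and not KDE or efax code: it shows a hardened way to create a scratch file so that a symlink planted at a fixed name such as klprfax.filter is refused rather than followed. The function names, the "klprfax." prefix and the private test directory are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fixed name: O_EXCL makes open() fail if anything already sits at `path`,
 * including a symlink (even a dangling one), so the link is never followed. */
int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: unpredictable name. mkstemp() replaces XXXXXX and opens the file
 * with O_CREAT|O_EXCL. The "klprfax." prefix is illustrative (assumption). */
int create_scratch(const char *dir, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/klprfax.XXXXXX", dir);
    if (n < 0 || (size_t)n >= outlen) { errno = ENAMETOOLONG; return -1; }
    return mkstemp(out);
}

/* Constructed check in a private directory: a symlink at the fixed name points
 * at a stand-in file. Returns 0 if the link is refused, the stand-in is
 * unchanged, and the mkstemp() file has no group/other permissions. */
int selfcheck(void)
{
    char dir[] = "/tmp/klprfax-demo.XXXXXX", target[64], fixed[64], tmp[64];
    char buf[8] = {0};
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(fixed, sizeof fixed, "%s/klprfax.filter", dir);
    FILE *f = fopen(target, "w");
    if (!f || fputs("keep", f) < 0 || fclose(f) != 0) return -1;
    if (symlink(target, fixed) != 0) return -1;
    int fd = create_exclusive(fixed);
    int refused = (fd == -1) && (errno == EEXIST || errno == ELOOP);
    if (fd >= 0) close(fd);
    if (!(f = fopen(target, "r"))) return -1;
    size_t got = fread(buf, 1, sizeof buf - 1, f); fclose(f);
    int sfd = create_scratch(dir, tmp, sizeof tmp);
    int priv = sfd >= 0 && fstat(sfd, &st) == 0 && (st.st_mode & 077) == 0;
    if (sfd >= 0) { close(sfd); unlink(tmp); }
    unlink(fixed); unlink(target); rmdir(dir);
    return (refused && priv && got == 4 && memcmp(buf, "keep", 4) == 0) ? 0 : 1;
}
```

Safe creation addresses the temporary file itself; removing the suid bit from efax, as the reply describes, limits what an unsafe write could reach.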
