aru Posted June 10, 2004 Report Share Posted June 10, 2004 Mandrakesoft Security Advisories MDKSA-2004:060 : ksymoops Updated ksymoops packages fix symlink vulnerability June 10th, 2004 Geoffrey Lee discovered a problem with the ksymoops-gznm script distributed with Mandrakelinux.The script fails to do proper checking when copying a file to the /tmp directory.Because of this, a local attacker can setup a symlink to point to a file that they do not have permission to remove.The problem is difficult to exploit because someone with root privileges needs to run ksymoops on a particular module for which a symlink for the same filename already exists. The released versions of Mandrake GNU/Linux affected are: 9.1 9.2 10.0 CS2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesoft.com/security/advisories?name=MDKSA-2004:060 Posted automatically by aru (mdksec2mub v0.0.9) Link to comment Share on other sites More sharing options...
Recommended Posts