[Full-disclosure] Symlink attack techniques
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] Symlink attack techniques
- From: Werner Schalk <werner_schalk@xxxxxx>
- Date: Wed, 14 Dec 2005 22:42:18 +0000
Hi,
I am currently doing a pentest and I was wondering whether you guys would know
any symlink attack technique for the following scenario:
On a Unix system there is a cronjob set up which will use the find command to
create some sort of report and output that report to a predictable file
in /tmp. So basically the command in the crontab is something like:
15 4 * * 6 root /usr/bin/find [command] > /tmp/report.txt
Due to the fact that I can't influence what is written to that file but can
link /tmp/report to a different file (e.g. /etc/passwd), I can cause some
local disruption/problems, I think. So my question now is: Is there any other
way of executing code in this scenario? Can I use file descriptors with this?
Any input is greatly appreciated. Thank you.
All the best,
Werner.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
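
Added example, not part of the original message: a hardened replacement for the cron pattern quoted above, written from the administrator's side. The directory /var/lib/reports, the script path and the function name write_report are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. The report directory, the
# script path and the function name are assumptions for illustration.
#
# Pattern from the message (root follows whatever exists at the /tmp path):
#   15 4 * * 6 root /usr/bin/find [command] > /tmp/report.txt
# Hardened form: call a script that uses write_report with a root-only directory:
#   15 4 * * 6 root /usr/local/sbin/weekly-report.sh      (hypothetical path)
#   write_report /var/lib/reports report.txt /usr/bin/find [command]

# write_report DIR NAME CMD [ARGS...]
# Runs CMD and publishes its output as DIR/NAME. DIR/NAME itself is never
# opened for writing, so a symlink to a file already sitting at that name is
# replaced by rename(2) instead of being followed.
write_report() {
    dir=$1; name=$2; shift 2

    # Refuse a group- or world-writable directory such as /tmp: other users
    # can create or swap names there between any two steps below.
    if [ -n "$(find "$dir" -prune \( -perm -0002 -o -perm -0020 \) -print)" ]; then
        echo "write_report: $dir is writable by other users" >&2
        return 1
    fi

    # mktemp creates a new file with an unpredictable name (O_EXCL, mode 0600),
    # so the redirection below cannot land on a pre-existing link.
    tmp=$(mktemp "$dir/.$name.XXXXXX") || return 1

    if "$@" > "$tmp"; then
        # Atomic publish: the finished file is renamed over the target name.
        mv -f "$tmp" "$dir/$name"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

If DIR/NAME could be a directory or a link to one, plain mv would move the file into it; GNU mv's -T option prevents that.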