[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Symlink vulnerabilities
- To: bugs@xxxxxxxxxxx
- Subject: Re: [Full-disclosure] Symlink vulnerabilities
- From: vladz <vladz@xxxxxxxxxx>
- Date: Sun, 23 Oct 2011 20:55:33 +0200
On Fri, Oct 21, 2011 at 07:59:59PM -0400, bugs@xxxxxxxxxxx wrote:
> bzexe utility:
>
> /bin/bzexe:tmp=gz$$
> /bin/bzexe:rm -f zfoo[12]$$
I reported this one several months ago (in some conditions it could lead
to a root exploit) and provided an easy solution, but no updates:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862
--
http://vladz.devzero.fr
PGP key 8F7E2D3C from pgp.mit.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/