Author: JT Smith
From SecurityFocus: “The problem occurs in the creation of /tmp files by linuxconf. The
vpop3d program, which is part of the linuxconf package, creates /tmp
files in an insecure manner under some circumstances. This could
result in guessing of the filename of a future /tmp file, and the creation
of a symbolic link to a file writable by the user executing linuxconf,
which is normally root. A user with malicious motives could use this
vulnerability to potentially overwrite or append to system files.”
vpop3d program, which is part of the linuxconf package, creates /tmp
files in an insecure manner under some circumstances. This could
result in guessing of the filename of a future /tmp file, and the creation
of a symbolic link to a file writable by the user executing linuxconf,
which is normally root. A user with malicious motives could use this
vulnerability to potentially overwrite or append to system files.”
Category:
- Linux
