January 12, 2001

linuxconf /tmp file vulnerability

Author: JT Smith

From SecurityFocus: "The problem occurs in the creation of /tmp files by linuxconf. The
vpop3d program, which is part of the linuxconf package, creates /tmp
files in an insecure manner under some circumstances. This could
result in guessing of the filename of a future /tmp file, and the creation
of a symbolic link to a file writable by the user executing linuxconf,
which is normally root. A user with malicious motives could use this
vulnerability to potentially overwrite or append to system files."


  • Linux
Click Here!