Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: Apps A-M :: lnx4924.htm

klprfax_filter follows symlink blindly



15th Dec 2001 [SBWID-4924]
COMMAND

	klprfax_filter follows symlink blindly

SYSTEMS AFFECTED

	kdeutils-2.2-2

PROBLEM

	wang yuan (r0gue) reported :
	

	when     using     klprfax_filter,it     would     creat     a      temp
	file,/tmp/klprfax.filter,but  the  temporary  file   was   not   created
	safely,this vulnerability could  be  exploited  to  overwrite  arbitrary
	files!

SOLUTION

	This was announced by the KDE team on Nov 9. The solution is  to  remove
	the suid bit from efax. It seems to only need it for accessing the  lock
	files and the modem.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH