Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Unix :: General :: accel-1.htm

Accelerated-X /tmp insecurity



Vulnerability

    accelerated-X

Affected

    Systems running Accelerated-X 4.1

Description

    Stefan Laudat found following.  Seems like the guys at XiG  forgot
    the meaning of  /tmp security ...   The main problem  is that  the
    Install program  of the  AcceleratedX package  logs all  in a file
    named /tmp/Install.log. So,   every user knowing  that Mr ReWT  is
    going to install this X server  on his box can overwrite any  file
    on the system.

    The procedure is very simple:

        ln -s /etc/shadow /tmp/Install.log

    What if  AcceleratedX is  already installed?.   There is  also  an
    Uninstall.log.  There's the /tmp/Xaccel.ini which seems to be  the
    temporary  file  for  new  configurations,  so  wait  for the root
    to change something and KAB00M!

Solution

    Nothing yet.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH