Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Unix :: General :: netwat-1.htm

Netwatch symlink vulnerability



Vulnerability

    netwatch

Affected

    Systems running netwatch

Description

    George Sakhnovsky found following.  netwatch 0.7e (latest  version
    on  sunsite  at  moment  of  writing)  creates  a  temp   logfile,
    /tmp/.watchlog.000,  each  time  it's  ran.   It  has  no  problem
    following symlinks, so you can  overwrite any file on the  system.
    Just do ln, and wait for the admin to run it.

Solution

    Wait for newer version that wil hopefully fix this.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH