- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 24609
- Проверка EDB
-
- Пройдено
- Автор
- MATT JOHNSTON
- Тип уязвимости
- LOCAL
- Платформа
- OSX
- CVE
- N/A
- Дата публикации
- 2004-09-17
MacOSXLabs RsyncX 2.1 - Insecure Temporary File Creation
Код:
source: https://www.securityfocus.com/bid/11212/info
RsyncX is reported to contain an insecure temporary file creation vulnerability. The result of this is that temporary files created by the application may use predictable filenames.
A local attacker may exploit this vulnerability to execute symbolic link file overwrite attacks.
When using the scheduler component of RsyncX, /tmp/cron_rsyncxtmp
is insecurely used. A user can create a dir /tmp/blahdir,
then
ln -s /tmp/blahdir/file /tmp/cron.rsyncxtmp
After RsyncX scheduler is used by an admin, /etc/crontab
will become a symlink pointing to /tmp/blahdir/file.- Источник
- www.exploit-db.com
