header-logo
Suggest Exploit
vendor:
liloconfig-color
by:
SecurityFocus
7.2
CVSS
HIGH
Insecure File Creation
22
CWE
Product Name: liloconfig-color
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
1999

liloconfig-color Insecure File Creation Vulnerability

liloconfig-color creates the file /tmp/reply insecurely and follows symbolic links. An attacker can create a symbolic link from /tmp/reply to any file and wait for root to run the program. This will clober the target file.

Mitigation:

Ensure that the program is not run as root and that the /tmp directory is not writable by any user.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/77/info

liloconfig-color creates the file /tmp/reply insecurely and follows symbolic links. An attacker can create a symbolic link from /tmp/reply to any file and wait for root to run the program. This will clober the target file.
The file created has permissions -rw-r--r--.

$ ln -s /tmp/reply /etc/passwd
< wait for root to run liloconfig-color >

Navigation

Suggest Exploit

Services By CQR