SuSE Linux aaabase User Account with /tmp Home Vulnerability

In all versions of SuSE Linux, some accounts are created by default with /tmp as their home directory. Because /tmp is world-writable, any user on the system can create shell dotfiles there, which are executed when someone logs into one of those accounts or switches to it with su using the - option. This could allow a local user to compromise certain accounts on the machine, and could potentially be used to leverage further access.

Under SuSE 6.4, these accounts are games, firewall, wwwrun and nobody.
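
One way to audit a system for this condition, as an added example that is not part of the original advisory: it parses passwd(5) entries and flags every account whose home directory is world-writable, listing any shell startup files already present there. The UIDs, shells, the alice account and the dotfile list are constructed assumptions; only the four /tmp account names come from the advisory.

```python
import os, stat, tempfile

# Constructed passwd(5) sample; only the four /tmp account names come from the advisory.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
games:x:12:100:Games:/tmp:/bin/bash
firewall:x:41:31:Firewall:/tmp:/bin/false
wwwrun:x:30:65534:WWW daemon:/tmp:/bin/bash
nobody:x:65534:65534:nobody:/tmp:/bin/bash
alice:x:500:100:Alice:/home/alice:/bin/bash
"""
# Startup files read by common login shells (assumed, non-exhaustive list).
DOTFILES = (".profile", ".bash_profile", ".bashrc", ".login", ".cshrc")

def parse_passwd(text):
    """Yield (user, home, shell) for each well-formed passwd(5) line."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and not line.startswith("#"):
            yield fields[0], fields[5], fields[6]

def audit_homes(passwd_text, root="/"):
    """Report accounts whose home directory is writable by every local user."""
    findings = []
    for user, home, shell in parse_passwd(passwd_text):
        path = os.path.join(root, home.lstrip("/"))
        try:
            mode = os.stat(path).st_mode
        except OSError:
            continue  # skip homes that do not exist or cannot be read
        # The sticky bit on /tmp stops deletion of others' files, not creation
        # of new ones, so S_IWOTH alone is enough to flag the account.
        if stat.S_ISDIR(mode) and mode & stat.S_IWOTH:
            present = [d for d in DOTFILES if os.path.lexists(os.path.join(path, d))]
            findings.append({"user": user, "home": home, "shell": shell,
                             "dotfiles_present": present})
    return findings

def demo():
    """Audit SAMPLE_PASSWD against a scratch tree that mimics / with a 1777 /tmp."""
    with tempfile.TemporaryDirectory() as root:
        for rel, mode in (("tmp", 0o1777), ("root", 0o700), ("home/alice", 0o755)):
            os.makedirs(os.path.join(root, rel))
            os.chmod(os.path.join(root, rel), mode)
        open(os.path.join(root, "tmp", ".profile"), "w").close()  # stand-in startup file
        return audit_homes(SAMPLE_PASSWD, root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

To check a live host, pass the contents of /etc/passwd to `audit_homes` with the default `root="/"`; any account it reports should be given a home directory that only that account or root can write to.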


 

Copyright 2010, SecurityFocus