• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

S.u.S.E. 6.0 xtvscreen Vulnerability

xtvscreen is a screen capture utility shipped with SuSE Linux 6. It's supposed to create files in it's working directory to store the captured images. Unfortunately, it will also follow symlinks. Since xtvscreen is suid root by default, it will overwrite any file on the system.