• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Maelstrom Insecure Symbolic Link Vulnerability

Maelstrom is a popular game originally written for the Macintosh. It has since been ported to Linux, and released under the GPL.

It has been reported that some versions of Maelstrom create a temporary file in an insecure manner. The file /tmp/f is created without proper checks. An attacker may create a symbolic link from this location pointing to any target file. When Maelstrom is executed, the target file will be overwritten if the user has sufficient permissions.

Later versions of Maelstrom may share this vulnerability.