• info
• discussion
• exploit
• solution
• references

HP-UX man /tmp symlink Vulnerability

Solution:
You could create root-owned catXXXX and manXXXX files in /tmp AFTER chmod'ing /tmp to 1777 to keep attackers from making the symlinks.