RedHat dhcp Symbolic Link Vulnerability

When configuring a dhcp interface in RedHat Linux 5.0, a script is called at the end that copies /etc/dhcpc/resolv.conf to /etc as shown below:

if [ -f /etc/dhcpc/resolv.conf ]; then

echo "setting up resolv.conf" >> /tmp/dhcplog

cp /etc/dhcpc/resolv.conf /etc

fi

Since the script runs as root, if /tmp/dhcplog is a symbolic link, any file pointed to by the dhcplog symlink be appended by "setting up resolv.conf".


 

Privacy Statement
Copyright 2010, SecurityFocus