WMTV Configuration File Symlink Vulnerability

wmtv is a video4linux TV player for windowmaker. It runs on Linux and Unix variants using windowmaker. It ships with Debian GNU/Linux 2.2.

A problem has been discovered in wmtv that may allow a local user to launch symlink attacks against the host.

Affected versions of wmtv are installed setuid root, and require these privileges to function. As a result, the wmtv configuration file is written back as the superuser.

Successful symlink attacks may cause critical files to be overwritten by the local attacker, or may result in the attacker gaining elevated privileges.

This appears to be a problem with the version of wmtp that ships with Debian/GNU Linux due to the permissions that are required to run vulnerable versions of the software.


Privacy Statement
Copyright 2010, SecurityFocus