SuSE Linux aaabase User Account with /tmp Home Vulnerability
BID:1357
Info
SuSE Linux aaabase User Account with /tmp Home Vulnerability
| Bugtraq ID: | 1357 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | May 02 2000 12:00AM |
| Updated: | May 02 2000 12:00AM |
| Credit: | This vulnerability was disclosed in a SuSE security advisory on May 2, 2000. |
| Vulnerable: |
SuSE Linux 6.4 SuSE Linux 6.3 ppc SuSE Linux 6.3 alpha SuSE Linux 6.3 SuSE Linux 6.2 SuSE Linux 6.1 alpha SuSE Linux 6.1 |
| Not Vulnerable: | |
Discussion
SuSE Linux aaabase User Account with /tmp Home Vulnerability
In all versions of SuSE Linux, accounts are created by default which have the home directory of /tmp. As /tmp is world writable, it is possible for any user on the system to create shell dotfiles, which will be executed upon someone actually logging into that account, or su'ing with the - option to that account. This could allow a local user to compromise certain accounts on the machine, and could potentially be used to leverage further access.
Under SuSE 6.4, these accounts are games, firewall, wwwrun and nobody.
In all versions of SuSE Linux, accounts are created by default which have the home directory of /tmp. As /tmp is world writable, it is possible for any user on the system to create shell dotfiles, which will be executed upon someone actually logging into that account, or su'ing with the - option to that account. This could allow a local user to compromise certain accounts on the machine, and could potentially be used to leverage further access.
Under SuSE 6.4, these accounts are games, firewall, wwwrun and nobody.