Find the information you need for your favorite open source distribution .
XFree86 creates a directory in /tmp with the name .X11-unix for the X sockets and sets the directory to mode 1777. If an attacker creates a symlink with that filename and points it to another directory (e.g. /root), the permissions of the target directory is set to 1777.
The default permissions on /dev/kmem is insecure. A bug in all Linux 2.0.x kernels except 2.0.36 have a vulnerability which makes blind ip-spoofing possible.
The Netscape Communicator 4.5 comes with "talkback", a quality enhancement tool by Fullcircle (www.fullcircle.com). If the communicator crashs for any reason, the file with the name /tmp/.$UID.talkback is read in, and the pid in this file is killed. After that, the file is truncated/created without checks for {sym|hard}links and the pid of the current talkback process is written into the file.
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
