TUCoPS :: Unix :: General
:: accel-1.htm
Accelerated-X /tmp insecurity
Vulnerability
accelerated-X
Affected
Systems running Accelerated-X 4.1
Description
Stefan Laudat found following. Seems like the guys at XiG forgot
the meaning of /tmp security ... The main problem is that the
Install program of the AcceleratedX package logs all in a file
named /tmp/Install.log. So, every user knowing that Mr ReWT is
going to install this X server on his box can overwrite any file
on the system.
The procedure is very simple:
ln -s /etc/shadow /tmp/Install.log
What if AcceleratedX is already installed?. There is also an
Uninstall.log. There's the /tmp/Xaccel.ini which seems to be the
temporary file for new configurations, so wait for the root
to change something and KAB00M!
Solution
Nothing yet.