asfsm, the disk usage monitor that comes with the X Window System window manager AfterStep, contains a temp file symlink bug that allows users to overwrite files.


[ http://www.rootshell.com/ ]

Date:         Tue, 25 Aug 1998 01:06:51 -0400
From:         Kristofer Coward <kris@SNOW.UTORONTO.CA>
Subject:      AfterStep asfsm tmp hole

The disk usage monitor that comes with AfterStep (asfsm) overwrites
/usr/tmp/statfs regularly as whoever launched it, allowing the typical
symlink crap we've come to expect, including a possible DoS if run as root.

Kris Coward
kris@snow.utoronto.ca

--------------------------------------------------------------------------

Date:         Tue, 25 Aug 1998 12:40:28 -0400
From:         Kristofer Coward <kris@SNOW.UTORONTO.CA>
Subject:      Re: AfterStep asfsm tmp hole

> > The disk usage monitor that comes with AfterStep (asfsm) overwrites
> > /usr/tmp/statfs regularly as whoever launched it, allowing the typical
> > symlink crap we've come to expect, including a possible DoS if run as
> > root.
>
> Which version?  Have you contacted the developers first?!

1.4.x (haven't checked 1.0, or 1.5pre). I posted to the as list before
writing here, that post also told them that it would be posted here. It's
a small enough bell/whistle that most of the world should be able to live
without it until it's patched (not that that should take long).

Kris Coward
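
The fixed-name overwrite described in this thread, next to a hardened write, as an added example that is not AfterStep code and not part of the original posts. The function names and the sandbox directory are assumptions; only the file name statfs comes from the report.

```c
/* Added illustration, not asfsm source; names and paths are constructed. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Pattern from the report: fixed name in a shared directory. fopen("w")
 * follows a symlink found at that name and truncates the link's target. */
int write_stats_unsafe(const char *dir, const char *data) {
    char path[512];
    snprintf(path, sizeof path, "%s/statfs", dir);
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(data, f);
    return fclose(f);
}

/* Hardened: mkstemp() creates a new file (O_EXCL, mode 0600); rename() then
 * replaces the name itself, so a symlink there is removed, never followed. */
int write_stats_safe(const char *dir, const char *data) {
    char tmp[512], path[512];
    size_t len = strlen(data);
    int n = snprintf(tmp, sizeof tmp, "%s/.statfs.XXXXXX", dir);
    if (n < 0 || n >= (int)sizeof tmp) return -1;
    snprintf(path, sizeof path, "%s/statfs", dir); /* shorter than tmp: fits */
    int fd = mkstemp(tmp);
    if (fd < 0) return -1;
    int ok = write(fd, data, len) == (ssize_t)len;
    if (close(fd) != 0 || !ok || rename(tmp, path) != 0) { unlink(tmp); return -1; }
    return 0;
}

/* Self-check in a private mkdtemp() sandbox: returns 1 if a file reached
 * through a symlink named "statfs" keeps its contents after the write. */
int target_survives(int (*writer)(const char *, const char *)) {
    char dir[] = "/tmp/asfsm-demo.XXXXXX", target[512], lnk[512], buf[32] = "";
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/important", dir);
    snprintf(lnk, sizeof lnk, "%s/statfs", dir);
    FILE *f = fopen(target, "w");
    if (!f) return -1;
    fputs("keep me", f); fclose(f);
    if (symlink(target, lnk) != 0) return -1;
    writer(dir, "disk stats\n");
    f = fopen(target, "r");
    if (f) { fgets(buf, sizeof buf, f); fclose(f); }
    unlink(lnk); unlink(target); rmdir(dir);
    return strcmp(buf, "keep me") == 0;
}
```

Keeping the file in a directory that only the invoking user can write to removes the shared-directory exposure altogether.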
