TUCoPS :: BSD :: wide-d~1.txt

There is a /tmp bug in the OpenBSD port of wide-dhcp.

[ http://www.rootshell.com/ ]

From form@vs.itam.nsc.ru Fri Jul 17 12:47:17 1998
Date: Fri, 17 Jul 1998 19:52:31 +0700 (NOVST)
From: Oleg Safiullin <form@vs.itam.nsc.ru>
To: www-request@rootshell.com
Subject: wide-dhcp security hole

Bug found in OpenBSD port of wide-dhcp /created by me :-)/.

WIDE DHCP server creates /tmp/addrpool_dump without checking if this file
already exists, so any user can overwrite any file doing something like this:

ln -s /etc/master.passwd /tmp/addrpool_dump

This bug already fixed in OpenBSD ports tree. The author of wide-dhcp is

If you are currently using wide dhcp, you can fix this error by adding

unlink(ADDRPOOL_DUMP) before fopen(ADDRPOOL_DUMP, "w+") in files

Sorry for patchless message - I've made this fix only over patched sources for
OpenBSD. And of course, sorry for my poor English :)

* FORTRAN: God is real, unless declared integer...

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH