TUCoPS :: SGI :: irix5325.htm

nsd temporary file symlink vulnerability
2nd May 2002 [SBWID-5325]

	nsd temporary file symlink vulnerability


	IRIX 6.5 to 6.5.10


	In   SGI   security   [http://www.sgi.com/support/security/]    advisory
	[20020501-01-I] :

	It has been reported that nsd  was  not  checking  the  permissions  and
	ownership of its dump file \"/var/tmp/nsd.dump\"  prior  to  writing  to

	If a user was to first create a symlink from another  file  pointing  to
	/var/tmp/nsd.dump and  then  an  already-privileged  user  sent  a  USR1
	signal to the nsd process, the file could be  damaged  or  modified.  If
	successfully exploited, this could lead to a root compromise.


	Upgrade to IRIX 6.5.11 or later.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH