Vulnerability

    accelerated-X

Affected

    Systems running Accelerated-X 4.1

Description

    Stefan Laudat found the following. Seems like the guys at XiG forgot the meaning of /tmp security ... The main problem is that the Install program of the AcceleratedX package logs everything in a file named /tmp/Install.log. So, every user knowing that Mr ReWT is going to install this X server on his box can overwrite any file on the system. The procedure is very simple:

        ln -s /etc/shadow /tmp/Install.log

    What if AcceleratedX is already installed? There is also an Uninstall.log. There's the /tmp/Xaccel.ini which seems to be the temporary file for new configurations, so wait for the root to change something and KAB00M!

Solution

    Nothing yet.
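The Install.log problem described above, as an added example that is not part of the original advisory and is not XiG's code: a C comparison of a log opener that follows a pre-existing symlink with one that refuses it through O_CREAT|O_EXCL. The sandbox directory, the stand-in "shadow" file and all function names are constructed for illustration.

```c
#define _GNU_SOURCE            /* mkdtemp, O_NOFOLLOW */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Vulnerable pattern: fopen("w") follows a symlink and truncates its target. */
static int open_log_unsafe(const char *path) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs("install started\n", f);
    return fclose(f);
}

/* Hardened: O_EXCL makes open() fail with EEXIST if anything, including a
 * symlink (even a dangling one), already sits at path. */
static int open_log_safe(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    if (write(fd, "install started\n", 16) != 16) { close(fd); return -1; }
    return close(fd);
}

/* Constructed sandbox standing in for /tmp, with a planted symlink.
 * Returns 1 if the victim file is intact, 0 if overwritten, -1 on setup error. */
int victim_survives(int hardened) {
    char dir[] = "/tmp/symlink-demo-XXXXXX", victim[64], logp[64], buf[32] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/shadow", dir);
    snprintf(logp, sizeof logp, "%s/Install.log", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("root:HASH\n", f); fclose(f);
    if (symlink(victim, logp) != 0) return -1;
    if (hardened) open_log_safe(logp); else open_log_unsafe(logp);
    f = fopen(victim, "r");
    if (!f) return -1;
    if (!fgets(buf, sizeof buf, f)) buf[0] = '\0';
    fclose(f);
    unlink(logp); unlink(victim); rmdir(dir);
    return strcmp(buf, "root:HASH\n") == 0;
}

int main(void) {
    printf("fopen(\"w\"): intact=%d\n", victim_survives(0));
    printf("O_EXCL:      intact=%d\n", victim_survives(1));
    return 0;
}
```

An installer that gets the EEXIST failure should abort or fall back to a log inside a directory created with mkdtemp(), not delete the existing path and retry.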