[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [ Suresec Advisories ] - Kcheckpass file creation vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] [ Suresec Advisories ] - Kcheckpass file creation vulnerability
From: Suresec Advisories <advisories@xxxxxxxxxxx>
Date: Wed, 07 Sep 2005 19:28:32 +0200

Suresec Security Advisory  - #00006
05/09/05

Kcheckpass file creation vulnerability
Advisory: http://www.suresec.org/advisories/adv6.pdf

Description:

A lockfile handling error was found in kcheckpass which can,
in certain configurations be used to create world writable files.

Exploitation of this vulnerability may lead to elevated privileges .

The vulnerability was discovered by Ilja van Sprundel.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Cisco Security Advisory: Cisco IOS Firewall Authentication Proxy for FTP and Telnet Sessions Buffer Overflow
Next by Date: [Full-disclosure] Re: Considering nSight, any thoughts? (Final comment)
Previous by thread: [Full-disclosure] Cisco Security Advisory: Cisco IOS Firewall Authentication Proxy for FTP and Telnet Sessions Buffer Overflow
Next by thread: [Full-disclosure] Re: Considering nSight, any thoughts? (Final comment)
Index(es):
- Date
- Thread