From: "Larry W. Cashdollar" <lwc@Vapid.dhs.org>
To: bugtraq@securityfocus.com
Subject: Dangerous temp file creation during installation of Netscape 6.
Date: Mon, 27 Aug 2001 13:55:27 -0400 (EDT)
During installation of Netscape 6.01a for Solaris 2.7/8 Sparc, I noticed
the file /tmp/admin.3842 was created with mode 644. As you already know
if this package is installed by root in multiuser mode a malicious user
could use this to overwrite system files etc..
Here is the dangerous code:
# grep tmp ns6install
cat >/tmp/admin.$$ <<EOF
/usr/sbin/pkgrm -n -a /tmp/admin.$$ ${pkg}.* 2>&1
/usr/sbin/pkgadd -n -a /tmp/admin.$$ -d `pwd` $pkg 2>&1
#
A temporary work around would be to shut the system down into single user
mode, clean out /tmp and then install.
In reference too:
http://www.sun.com/solaris/netscape/index.html
-- Larry
http://vapid.dhs.org:8080
![[LWN Logo]](/images/lcorner.png)
![[LWN.net]](/images/Included.png)