bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/osx/local/24609.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

13 lines
No EOL
618 B
Text
Raw Permalink Blame History

source: https://www.securityfocus.com/bid/11212/info
RsyncX is reported to contain an insecure temporary file creation vulnerability. The result of this is that temporary files created by the application may use predictable filenames.
A local attacker may exploit this vulnerability to execute symbolic link file overwrite attacks.
When using the scheduler component of RsyncX, /tmp/cron_rsyncxtmp
is insecurely used. A user can create a dir /tmp/blahdir,
then
ln -s /tmp/blahdir/file /tmp/cron.rsyncxtmp
After RsyncX scheduler is used by an admin, /etc/crontab
will become a symlink pointing to /tmp/blahdir/file.
Reference in a new issue View git blame Copy permalink