Dangerous temp file creation during installation of Netscape 6.

From: Larry W. Cashdollar (lwc@Vapid.dhs.org)
Date: 08/27/01


Date: Mon, 27 Aug 2001 13:55:27 -0400 (EDT)
From: "Larry W. Cashdollar" <lwc@Vapid.dhs.org>
To: bugtraq@securityfocus.com
Subject: Dangerous temp file creation during installation of Netscape 6.
Message-ID: <Pine.SOL.4.21.0108271354280.30945-100000@Vapid.dhs.org>


During installation of Netscape 6.01a for Solaris 2.7/8 Sparc, I noticed
the file /tmp/admin.3842 was created with mode 644. As you already know,
if this package is installed by root in multiuser mode, a malicious user
could use this to overwrite system files, etc.

Here is the dangerous code:

# grep tmp ns6install
cat >/tmp/admin.$$ <<EOF
                        /usr/sbin/pkgrm -n -a /tmp/admin.$$ ${pkg}.* 2>&1
        /usr/sbin/pkgadd -n -a /tmp/admin.$$ -d `pwd` $pkg 2>&1
#

A temporary workaround would be to shut the system down into single user
mode, clean out /tmp and then install.

In reference to:

http://www.sun.com/solaris/netscape/index.html

-- Larry
   http://vapid.dhs.org:8080
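
Added example (not part of the original post or of the ns6install script): one way an installer can create the pkgadd admin file without a mode 644, predictably named file directly in /tmp. It assumes a POSIX shell; the function names, the ns6inst prefix and the admin file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: a hardened form of the "cat >/tmp/admin.$$" pattern.
# Function names and admin-file contents are constructed for illustration.

# Create a private (mode 0700) working directory and print its path.
make_private_dir() {
    (
        umask 077
        base=${TMPDIR:-/tmp}
        if command -v mktemp >/dev/null 2>&1; then
            mktemp -d "$base/ns6inst.XXXXXX"
        else
            # No mktemp: the name is predictable, but mkdir is atomic and
            # fails if the name already exists, even as a symlink.
            mkdir "$base/ns6inst.$$" && printf '%s\n' "$base/ns6inst.$$"
        fi
    )
}

# Write the pkgadd admin file inside directory $1 and print its path.
write_admin_file() {
    (
        umask 077   # file is created 0600, not 0644
        set -C      # noclobber: ">" fails on an existing file or symlink
        cat >"$1/admin" <<EOF
mail=
instance=overwrite
EOF
    ) || return 1
    printf '%s\n' "$1/admin"
}

# Demonstration run; an installer would pass "$admin" to pkgadd/pkgrm -a.
workdir=$(make_private_dir) || exit 1
trap 'rm -rf "$workdir"' EXIT
admin=$(write_admin_file "$workdir") || exit 1
ls -ld "$workdir" "$admin"
```

Because the admin file lives inside a directory only the installing user can enter, other local users cannot place anything at its path before or during the install.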


