The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory.
The 'SuSEconfig.gnome-filesystem' script for YaST on SuSE Linux contains a flaw that may allow a malicious local user to manipulate arbitrary files on the system. The issue is due to the script creating temporary files insecurely in the 'tmp.SuSEconfig.gnome-filesystem.$RANDOM' temporary directory. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.
Currently, there are no known upgrades or patches to correct this issue. A potential workaround is to edit the SuSEconfig.gnome-filesystem script and change TEMP=/tmp/tmp.SuSEconfig.gnome-filesystem.$RANDOM to something like TEMP=/tmp/tmp.SuSEconfig.gnome-filesystem.$$, making the PID-based number more difficult to predict.
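An alternative hardening that does not rely on the directory name being hard to guess, shown as an added example (it is not code from the advisory or from the SuSE script): the directory is created with mktemp -d, checked before use, and files are written with noclobber so a planted symlink is not followed. The function names make_private_tmpdir, is_safe_workdir, write_new_file and demo are hypothetical.

```shell
#!/bin/sh
# Added example, not the SuSE script. Pattern named in the advisory:
#   TEMP=/tmp/tmp.SuSEconfig.gnome-filesystem.$RANDOM
# $RANDOM has only 32768 possible values, so the path can be prepared in advance.

# Create a private work directory. mktemp -d picks an unused name and creates
# the directory itself with mode 0700; it fails rather than reuse an existing
# path. Prints the new directory path on stdout.
make_private_tmpdir() {
    prefix=$1                      # hypothetical prefix argument
    mktemp -d "${TMPDIR:-/tmp}/$prefix.XXXXXXXXXX"
}

# Accept a work directory only if it is a real directory (not a symlink),
# owned by the current user, and closed to group and others.
is_safe_workdir() {
    dir=$1
    [ -d "$dir" ] || return 1
    [ ! -L "$dir" ] || return 1
    [ -O "$dir" ] || return 1
    case $(ls -ld "$dir") in
        drwx------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Write stdin to a file that must not exist yet. With noclobber (set -C) the
# shell refuses to write through an existing file or a symlink planted at $1.
write_new_file() {
    ( set -C; cat > "$1" ) 2>/dev/null
}

# Usage: build the output inside the private directory, then clean up.
demo() {
    TEMP=$(make_private_tmpdir tmp.SuSEconfig.gnome-filesystem) || return 1
    is_safe_workdir "$TEMP" || return 1
    printf 'generated\n' | write_new_file "$TEMP/output" || return 1
    cat "$TEMP/output"
    rm -rf "$TEMP"
}

demo
```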
Discovery of this vulnerability has been credited to l0om <email@example.com>.
S.u.S.E. Linux Personal 9.0
SuSEconfig.gnome-filesystem has been reported prone to an insecure file creation vulnerability that may be exploited to corrupt arbitrary files. The issue has been reported to present itself because the SuSEconfig.gnome-filesystem script will follow symbolic links when writing certain specific files.
SuSE Linux 9.0 has been reported to be prone to this issue; however, other versions could be affected as well.
The following proof of concept exploit has been supplied: