VULHUB ™

IBM's Network Station Manager is a client/server application which facilitates management for IBM Network Stations. It is possible to locally gain root priviliges on hosts running the NetStation daemon. NetStation (which runs as root) creates temporary files in /tmp with predictable filenames based on a known partial filename and the current system time, creating a race condition which can lead to root compromise if the race is won. A symlink would have to be created with a correct predicted filename that points to (for example) /.rhosts, causing NetStation to write to it. The attacker would then add "+ +" to the file, chown root it and rlogin (or rsh in) as root.

IBM's Network Station Manager is a client/server application which facilitates management for IBM Network Stations. It is possible to locally gain root priviliges on hosts running the NetStation daemon. NetStation (which runs as root) creates temporary files in /tmp with predictable filenames based on a known partial filename and the current system time, creating a race condition which can lead to root compromise if the race is won. A symlink would have to be created with a correct predicted filename that points to (for example) /.rhosts, causing NetStation to write to it. The attacker would then add "+ +" to the file, chown root it and rlogin (or rsh in) as root.