|
|
Info |
Last Modified |
| 10 months ago |
|
|
|
|
Description |
DOSEMU contains a flaw that may cause the system administrator to permanantly delete vital parts of the file system. The issue is due to the Makefile.main install section not properly defining the $(abs_top_build_dir) variable. Under some installations, this variable may not be defined, leading the install process to "rm -rf $(TMP)" where $(TMP) is defined as /tmp.
|
|
Classification |
Attack Type:
Denial of Service
Impact:
Loss of Availability
|
|
Technical |
This is a considerable risk on many multi-user systems due to the contents of /tmp. Many programs and utilities keep important information in the /tmp directory that if deleted may affect user activity. Some examples:
- SSH session/socket information
- Screen session/socket information
- Editor temp files
- X-Windows session/socket information
- User PID files
|
|
Solution |
Upgrade to version 1.1.99.2 or higher, as it has been reported to fix this
vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
|
DOSEMU
 |
1.0.0 |
1.0.1 |
1.0.2 |
1.0.2.1 |
1.2.0rc1 |
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
