SuSE YaST Online Update Insecure Temporary File Creation Vulnerability
BID:10047
Info
| Bugtraq ID: | 10047 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 05 2004 12:00AM |
| Updated: | Apr 05 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to Rene. |
| Vulnerable: | S.u.S.E. Linux Personal 9.0 x86_64; S.u.S.E. Linux Personal 9.0; S.u.S.E. Linux Personal 8.2 |
| Not Vulnerable: | |
Discussion
SuSE YaST Online Update reportedly creates temporary files in an insecure manner.
The source of the problem is that the online_update program creates temporary files using predictable filenames in a world-writable location (/usr/tmp).
Since these file names are static, it may be trivial for an attacker to create a symbolic link in their place. A malicious local user could take advantage of this issue by mounting a symbolic link attack to corrupt other system files, most likely resulting in destruction of data.
The vendor has reported that the problem is present in SUSE Linux 8.2 and 9.0.
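An added example (not part of the original advisory and not YaST code) that puts the weak file-creation pattern described above next to two safer forms. The file names are constructed, and a private sandbox directory stands in for /usr/tmp.

```python
import os
import shutil
import tempfile

def naive_write(path, data):
    # Weak pattern: open() follows a pre-existing symlink and truncates its target.
    with open(path, "w") as fh:
        fh.write(data)

def exclusive_write(path, data):
    # O_CREAT|O_EXCL fails if anything, a symlink included, already exists at path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def random_name_write(directory, data):
    # mkstemp picks an unpredictable name and creates it exclusively with mode 0600.
    fd, path = tempfile.mkstemp(prefix="update.", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def demo():
    shared = tempfile.mkdtemp()  # private sandbox standing in for /usr/tmp
    target = os.path.join(shared, "important.conf")     # constructed file name
    static = os.path.join(shared, "online_update.tmp")  # hypothetical static name
    try:
        with open(target, "w") as fh:
            fh.write("original")
        os.symlink(target, static)  # a link is already present at the static name
        naive_write(static, "scratch")
        with open(target) as fh:
            clobbered = fh.read() != "original"
        with open(target, "w") as fh:
            fh.write("original")  # restore before trying the hardened form
        try:
            exclusive_write(static, "scratch")
            refused = False
        except FileExistsError:
            refused = True
        with open(target) as fh:
            intact = fh.read() == "original"
        mode = os.stat(random_name_write(shared, "scratch")).st_mode & 0o777
        return {"clobbered": clobbered, "refused": refused, "intact": intact, "mode": mode}
    finally:
        shutil.rmtree(shared)

if __name__ == "__main__":
    print(demo())
```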
Exploit / POC
There is no exploit required.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- S.u.S.E. Homepage (S.u.S.E.)
- Re: SuSEs YaST Online Update - possible symlink attack (Roman Drahtmueller)
- SuSEs YaST Online Update - possible symlink attack (Rene)