Gentoo Portage Sandbox Insecure Temporary Lockfile Creation Vulnerability
BID:10060
Info
Gentoo Portage Sandbox Insecure Temporary Lockfile Creation Vulnerability
| Bugtraq ID: | 10060 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 06 2004 12:00AM |
| Updated: | Apr 06 2004 12:00AM |
| Credit: | The vendor announced this vulnerability. |
| Vulnerable: |
Gentoo Linux 1.4 _rc3 Gentoo Linux 1.4 _rc2 Gentoo Linux 1.4 _rc1 Gentoo Linux 1.4 |
| Not Vulnerable: | |
Discussion
Gentoo Portage Sandbox Insecure Temporary Lockfile Creation Vulnerability
Gentoo portage has been reported prone to an insecure temporary file creation vulnerability. The vulnerability exists because portage creates a lockfile with a predictable name in a world writeable location.
An attacker may create many symbolic hard links in the "/tmp" folder, named with incrementing filenames in an attempt to predict the PID of the vulnerable process. These links will point to a file that the attacker wishes to corrupt. When portage is executed the file that is linked will be overwritten with a blank file with the privileges of the user who is invoking the portage application.
Gentoo portage has been reported prone to an insecure temporary file creation vulnerability. The vulnerability exists because portage creates a lockfile with a predictable name in a world writeable location.
An attacker may create many symbolic hard links in the "/tmp" folder, named with incrementing filenames in an attempt to predict the PID of the vulnerable process. These links will point to a file that the attacker wishes to corrupt. When portage is executed the file that is linked will be overwritten with a blank file with the privileges of the user who is invoking the portage application.
Exploit / POC
Gentoo Portage Sandbox Insecure Temporary Lockfile Creation Vulnerability
There is no exploit required.
There is no exploit required.
Solution / Fix
Gentoo Portage Sandbox Insecure Temporary Lockfile Creation Vulnerability
Solution:
Gentoo have recommended that users upgrade to Portage 2.0.50-r3 or later to resolve this issue. This can be accomplished by executing the following commands:
# emerge sync
# emerge -pv ">=sys-apps/portage-2.0.50-r3"
# emerge ">=sys-apps/portage-2.0.50-r3"
Solution:
Gentoo have recommended that users upgrade to Portage 2.0.50-r3 or later to resolve this issue. This can be accomplished by executing the following commands:
# emerge sync
# emerge -pv ">=sys-apps/portage-2.0.50-r3"
# emerge ">=sys-apps/portage-2.0.50-r3"
References
Gentoo Portage Sandbox Insecure Temporary Lockfile Creation Vulnerability
References:
References: