Debian Tetex-Bin Xdvizilla Insecure Temporary File Creation Vulnerability
BID:12100
Info
Debian Tetex-Bin Xdvizilla Insecure Temporary File Creation Vulnerability
| Bugtraq ID: | 12100 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 23 2004 12:00AM |
| Updated: | Dec 23 2004 12:00AM |
| Credit: | Discovery is credited to Javier Fernández-Sanguino Peña. |
| Vulnerable: |
Gentoo Linux Debian tetex-bin 2.0.2 |
| Not Vulnerable: | |
Discussion
Debian Tetex-Bin Xdvizilla Insecure Temporary File Creation Vulnerability
xdvizilla is a script that integrates DVI file viewing in Mozilla-based browsers. It is implemented with Debian tetex-bin package.
xdvizilla is reported prone to an insecure temporary file creation vulnerability. This issue is due to a design error that causes the application to fail to verify the existence of a file before writing to it.
An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application.
tetex-bin 2.0.2 is reported prone to this issue. It is likely that other versions are affected as well.
xdvizilla is a script that integrates DVI file viewing in Mozilla-based browsers. It is implemented with Debian tetex-bin package.
xdvizilla is reported prone to an insecure temporary file creation vulnerability. This issue is due to a design error that causes the application to fail to verify the existence of a file before writing to it.
An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application.
tetex-bin 2.0.2 is reported prone to this issue. It is likely that other versions are affected as well.
Exploit / POC
Debian Tetex-Bin Xdvizilla Insecure Temporary File Creation Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
Debian Tetex-Bin Xdvizilla Insecure Temporary File Creation Vulnerability
Solution:
Ubuntu has released advisory USN-51-1 to address this issue. Please see the referenced advisory for more information.
Gentoo Linux has released advisory GLSA 200501-31 to address this issue. There are no current fixes available for Gentoo Linux. Please see the referenced advisory for further information.
Solution:
Ubuntu has released advisory USN-51-1 to address this issue. Please see the referenced advisory for more information.
Gentoo Linux has released advisory GLSA 200501-31 to address this issue. There are no current fixes available for Gentoo Linux. Please see the referenced advisory for further information.
References
Debian Tetex-Bin Xdvizilla Insecure Temporary File Creation Vulnerability
References:
References:
- Debian Bug report logs - #286370 (Javier Fernández-Sanguino Peña)