GNU A2PS psmandup.in Script Insecure Temporary File Vulnerability
BID:12109
Info
GNU A2PS psmandup.in Script Insecure Temporary File Vulnerability
| Bugtraq ID: | 12109 |
| Class: | Unknown |
| CVE: |
CVE-2004-1377 |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 27 2004 12:00AM |
| Updated: | Jul 12 2009 09:26AM |
| Credit: | Discovery is credited to Javier Fernández-Sanguino Peña. |
| Vulnerable: |
Turbolinux Turbolinux Workstation 8.0 Turbolinux Turbolinux Workstation 7.0 Turbolinux Turbolinux Server 8.0 Turbolinux Turbolinux Server 7.0 Turbolinux Home GNU a2ps 4.13 b GNU a2ps 4.13 |
| Not Vulnerable: | |
Discussion
GNU A2PS psmandup.in Script Insecure Temporary File Vulnerability
GNU a2ps is prone to a vulnerability that may allow malicious local users to corrupt files. This issue is due to the fact that the 'psmandup.in' script creates temporary files in an insecure manner, allowing symbolic link attacks.
File corruption would occur in the context of the user running the script. It is not known if this issue could be leveraged to elevate privileges.
GNU a2ps is prone to a vulnerability that may allow malicious local users to corrupt files. This issue is due to the fact that the 'psmandup.in' script creates temporary files in an insecure manner, allowing symbolic link attacks.
File corruption would occur in the context of the user running the script. It is not known if this issue could be leveraged to elevate privileges.
Exploit / POC
GNU A2PS psmandup.in Script Insecure Temporary File Vulnerability
There is no exploit required.
There is no exploit required.
Solution / Fix
GNU A2PS psmandup.in Script Insecure Temporary File Vulnerability
Solution:
Mandriva Linux has released security advisory MDKSA-2005:097 addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.
Turbolinux has released advisory TLSA-2005-64 to address this issue. Please see the referenced advisory for more information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Mandriva Linux has released security advisory MDKSA-2005:097 addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.
Turbolinux has released advisory TLSA-2005-64 to address this issue. Please see the referenced advisory for more information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.