HTML Headline Temporary File Symbolic Link Vulnerabilities
BID:12147
Info
HTML Headline Temporary File Symbolic Link Vulnerabilities
| Bugtraq ID: | 12147 |
| Class: | Origin Validation Error |
| CVE: |
CVE-2004-1181 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 03 2005 12:00AM |
| Updated: | Jul 12 2009 09:26AM |
| Credit: | Discovery credited to Javier Fernández-Sanguino Peña. |
| Vulnerable: |
Toshiaki Kanosue HtmlHeadline 21.8 |
| Not Vulnerable: | |
Discussion
HTML Headline Temporary File Symbolic Link Vulnerabilities
It has been reported that there are numerous instances in HtmlHeadline where insecure temporary files are used. According to the report, it is possible for at least some of these instances to be exploited to corrupt files on the filesystem. It is likely that HtmlHeadline creates and writes to temporary files in the world writeable "/tmp" with predictable filenames.
It has been reported that there are numerous instances in HtmlHeadline where insecure temporary files are used. According to the report, it is possible for at least some of these instances to be exploited to corrupt files on the filesystem. It is likely that HtmlHeadline creates and writes to temporary files in the world writeable "/tmp" with predictable filenames.
Exploit / POC
HTML Headline Temporary File Symbolic Link Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
HTML Headline Temporary File Symbolic Link Vulnerabilities
Solution:
Debian has issued fixes. See advisory DSA 622-1 in the reference section.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Toshiaki Kanosue HtmlHeadline 21.8
Solution:
Debian has issued fixes. See advisory DSA 622-1 in the reference section.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Toshiaki Kanosue HtmlHeadline 21.8
-
Debian htmlheadline_21.8-3_all.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/h/htmlheadline/htmlheadli ne_21.8-3_all.deb
References
HTML Headline Temporary File Symbolic Link Vulnerabilities
References:
References:
- Html Headline Homepage (Toshiaki Kanosue)