Linux IPRoute2 Netbug Script Insecure Temporary File Creation Vulnerability
BID:12208
Info
Linux IPRoute2 Netbug Script Insecure Temporary File Creation Vulnerability
| Bugtraq ID: | 12208 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 10 2005 12:00AM |
| Updated: | Jan 10 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to Javier Fernández-Sanguino Peña. |
| Vulnerable: |
David Mischler IPRoute 2.4.7 David Mischler IPRoute 2.2.4 David Mischler IPRoute 1.18 David Mischler IPRoute 1.10 David Mischler IPRoute 0.974 David Mischler IPRoute 0.973 David Mischler IPRoute 20010824 |
| Not Vulnerable: | |
Discussion
Linux IPRoute2 Netbug Script Insecure Temporary File Creation Vulnerability
iproute2 is distributed with a script named 'netbug'. The 'netbug' script is reported prone to an unspecified insecure temporary file creation vulnerability.
It is conjectured that the 'netbug' script creates a temporary file using a predictable filename in a world read-writeable location. This issue may be leveraged to corrupt arbitrary files with the privileges of a user that invokes the vulnerable script.
iproute2 is distributed with a script named 'netbug'. The 'netbug' script is reported prone to an unspecified insecure temporary file creation vulnerability.
It is conjectured that the 'netbug' script creates a temporary file using a predictable filename in a world read-writeable location. This issue may be leveraged to corrupt arbitrary files with the privileges of a user that invokes the vulnerable script.
Exploit / POC
Linux IPRoute2 Netbug Script Insecure Temporary File Creation Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
Linux IPRoute2 Netbug Script Insecure Temporary File Creation Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Linux IPRoute2 Netbug Script Insecure Temporary File Creation Vulnerability
References:
References:
- iproute2 Homepage (Alexey Kuznetsov)