OpenMosixview Multiple Insecure Temporary File Creation Vulnerabilities
BID:12902
Info
OpenMosixview Multiple Insecure Temporary File Creation Vulnerabilities
| Bugtraq ID: | 12902 |
| Class: | Design Error |
| CVE: |
CVE-2005-0894 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 25 2005 12:00AM |
| Updated: | Jul 12 2009 11:56AM |
| Credit: | Discovery is credited to Gangstuck and Psirac <[email protected]>. |
| Vulnerable: |
openMosixview openMosixview 1.5 openMosixview openMosixview 1.4 openMosixview openMosixview 1.3 openMosixview openMosixview 1.2 Gentoo Linux |
| Not Vulnerable: | |
Discussion
OpenMosixview Multiple Insecure Temporary File Creation Vulnerabilities
openMosixview is reported prone to multiple local insecure temporary file creation vulnerabilities. These issues are due to design errors that cause the application to fail to verify the existence of files before writing to them.
An attacker may leverage these issues to overwrite and delete arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application.
All versions of openMosixView are reported vulnerable.
openMosixview is reported prone to multiple local insecure temporary file creation vulnerabilities. These issues are due to design errors that cause the application to fail to verify the existence of files before writing to them.
An attacker may leverage these issues to overwrite and delete arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application.
All versions of openMosixView are reported vulnerable.
Exploit / POC
OpenMosixview Multiple Insecure Temporary File Creation Vulnerabilities
An exploit is not required.
Proof of concept is available:
An exploit is not required.
Proof of concept is available:
Solution / Fix
OpenMosixview Multiple Insecure Temporary File Creation Vulnerabilities
Solution:
Gentoo has released an advisory (GLSA 200504-20) and an updated eBuild to address this issue. Gentoo users may apply the updates by issuing the following sequence of commands as a superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=sys-cluster/openmosixview-1.5-r1"
Solution:
Gentoo has released an advisory (GLSA 200504-20) and an updated eBuild to address this issue. Gentoo users may apply the updates by issuing the following sequence of commands as a superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=sys-cluster/openmosixview-1.5-r1"
References
OpenMosixview Multiple Insecure Temporary File Creation Vulnerabilities
References:
References:
- openMosixView Home Page (openMosixView)
- Re: Temporary File Creation Bug (Matt Rechenburg
- RX250305 - OpenMosixView : Multiple Race conditions - advisory and exploit (rexolab