ARPUS Ce/Ceterm Insecure Temporary File Creation Vulnerability
Info
| Bugtraq ID: | 13465 |
| Class: | Design Error |
| CVE: | CVE-2005-1396 |
| Remote: | No |
| Local: | Yes |
| Published: | May 02 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Discovery is credited to Kevin Finisterre. |
| Vulnerable: | ARPUS Ce/Ceterm 2.5.1 |
| Not Vulnerable: | ARPUS Ce/Ceterm 2.6 |
Discussion
ARPUS Ce/Ceterm is prone to an insecure temporary file creation vulnerability. This issue is due to a design error that causes a file to be insecurely opened or created and subsequently written to.
An attacker may leverage this issue to corrupt arbitrary files with root privileges.
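The bug class described above, shown as an added example that is not code from the advisory or from ARPUS: a predictable scratch path opened without exclusive creation, beside a hardened open that refuses a pre-existing link. The advisory does not say which file Ce/Ceterm opens or how, so the function names, paths and file contents below are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe pattern: O_CREAT|O_TRUNC on a predictable path follows a symlink
 * that already exists there, so the writer truncates the link's target. */
int open_scratch_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails with EEXIST if anything (even a dangling symlink)
 * already occupies the path; the fstat() check confirms what was created. */
int open_scratch_safe(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    struct stat st;
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario in a private mkdtemp() directory: "scratch" is a
 * symlink to "victim". Returns victim's size after the open attempt. */
long victim_size_after(int use_safe) {
    char dir[] = "/tmp/ce-demo-XXXXXX", victim[64], scratch[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(scratch, sizeof scratch, "%s/scratch", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("payroll", f);               /* 7 bytes of constructed content */
    fclose(f);
    if (symlink(victim, scratch) != 0) return -1;
    int fd = use_safe ? open_scratch_safe(scratch) : open_scratch_unsafe(scratch);
    if (fd >= 0) close(fd);
    struct stat st;
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(scratch); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("unsafe: %ld bytes, safe: %ld bytes\n", victim_size_after(0), victim_size_after(1));
    return 0;
}
```

Exclusive creation limits what a privileged writer can be pointed at; removing the setuid bit, as the vendor did in 2.6, removes the privilege itself.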
Exploit / POC
The following proof of concept is available:
Solution / Fix
Solution:
The vendor has reported that versions 2.6 and later of Ce/Ceterm no longer require the setuid bit to be set.
ARPUS Ce/Ceterm 2.5.1
- ARPUS Ce/Ceterm 2.6 http://168.158.26.15/ce/ce/ce.html
References
References:
- Ce/Ceterm Home Page (ARPUS)
- DMA[2005-0501a] - 'ARPUS/Ce setuid buffer overflow and file overwrite' ("KF (lists)")