IRIX MIPSPro Compiler /tmp Filename Predictability Vulnerability

Bugtraq ID:	1412
Class:	Race Condition Error
CVE:	CVE-2000-0578
Remote:	No
Local:	Yes
Published:	Jun 21 2000 12:00AM
Updated:	Jul 11 2009 02:56AM
Credit:	This vulnerability was posted to the Bugtraq mailing list on June 21, 2000 by Jose Nazario <[email protected]>
Vulnerable:	SGI MIPSPro Compilers 7.2.1 - SGI IRIX 6.5.7 - SGI IRIX 6.5.6 - SGI IRIX 6.5.4 - SGI IRIX 6.5.3 - SGI IRIX 6.5.2 m - SGI IRIX 6.5.1 - SGI IRIX 6.5 - SGI IRIX 6.4 - SGI IRIX 6.3 - SGI IRIX 6.2 - SGI IRIX 6.1 - SGI IRIX 6.0.1 - SGI IRIX 6.0 SGI MIPSPro Compilers 7.1 - SGI IRIX 6.5.7 - SGI IRIX 6.5.6 - SGI IRIX 6.5.4 - SGI IRIX 6.5.3 - SGI IRIX 6.5.2 m - SGI IRIX 6.5.1 - SGI IRIX 6.5 - SGI IRIX 6.4 - SGI IRIX 6.3 - SGI IRIX 6.2 - SGI IRIX 6.1 - SGI IRIX 6.0.1 - SGI IRIX 6.0
Not Vulnerable:

IRIX MIPSPro Compiler /tmp Filename Predictability Vulnerability

A vulnerability exists in the creation of temporary files, in the MIPSpro compiler suite from SGI. The C, C++, Fortran 77 and Fortran 90 compilers each create predictably named files in /tmp, with the permissions specified by the umask of the user running the compiler. As these are predictable, it makes it fairly easy for a malicious user to alter the contents of these files, in order to potentially execute code under the ID of the user compiling.

IRIX MIPSPro Compiler /tmp Filename Predictability Vulnerability

There is no exploit required.

IRIX MIPSPro Compiler /tmp Filename Predictability Vulnerability

Solution:
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].