Fbida FBGS Insecure Temporary File Creation Vulnerability
BID:17436
Info
| Bugtraq ID: | 17436 |
| Class: | Design Error |
| CVE: | CVE-2006-1695 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 10 2006 12:00AM |
| Updated: | Dec 01 2006 08:49PM |
| Credit: | This vulnerability was discovered by Jan Braun. |
| Vulnerable: | SuSE SUSE Linux Enterprise Server 8; SuSE SUSE Linux Enterprise Server 10; SuSE Suse Linux Enterprise Desktop 10; SuSE Linux Openexchange Server; SuSE Linux Enterprise Server 9; SuSE Linux Desktop 1.0; S.u.S.E. UnitedLinux 1.0; S.u.S.E. SuSE Linux School Server for i386; S.u.S.E. SUSE LINUX Retail Solution 8.0; S.u.S.E. Open-Enterprise-Server 9.0; S.u.S.E. Open-Enterprise-Server 1; S.u.S.E. Office Server; S.u.S.E. Novell Linux Desktop 9.0; S.u.S.E. Novell Linux Desktop 1.0; S.u.S.E. Linux Professional 10.0 OSS; S.u.S.E. Linux Professional 10.0; S.u.S.E. Linux Professional 9.3 x86_64; S.u.S.E. Linux Professional 9.3; S.u.S.E. Linux Professional 9.2 x86_64; S.u.S.E. Linux Professional 9.2; S.u.S.E. Linux Professional 9.1 x86_64; S.u.S.E. Linux Professional 9.1; S.u.S.E. Linux Professional 10.1; S.u.S.E. Linux Personal 10.0 OSS; S.u.S.E. Linux Personal 9.3 x86_64; S.u.S.E. Linux Personal 9.3; S.u.S.E. Linux Personal 9.2 x86_64; S.u.S.E. Linux Personal 9.2; S.u.S.E. Linux Personal 9.1 x86_64; S.u.S.E. Linux Personal 9.1; S.u.S.E. Linux Personal 10.1; S.u.S.E. Linux Office Server; S.u.S.E. Linux Enterprise Server for S/390 9.0; S.u.S.E. Linux Enterprise Server for S/390; S.u.S.E. Linux Database Server 0; S.u.S.E. Linux Connectivity Server; Gentoo Linux; fbida fbida 2.03; fbida fbida 2.01; Debian Linux 3.1 sparc; Debian Linux 3.1 s/390; Debian Linux 3.1 ppc; Debian Linux 3.1 mipsel; Debian Linux 3.1 mips; Debian Linux 3.1 m68k; Debian Linux 3.1 ia-64; Debian Linux 3.1 ia-32; Debian Linux 3.1 hppa; Debian Linux 3.1 arm; Debian Linux 3.1 amd64; Debian Linux 3.1 alpha; Debian Linux 3.1; Debian Linux 3.0 sparc; Debian Linux 3.0 s/390; Debian Linux 3.0 ppc; Debian Linux 3.0 mipsel; Debian Linux 3.0 mips; Debian Linux 3.0 m68k; Debian Linux 3.0 ia-64; Debian Linux 3.0 ia-32; Debian Linux 3.0 hppa; Debian Linux 3.0 arm; Debian Linux 3.0 alpha; Debian Linux 3.0 |
| Not Vulnerable: | |
Discussion
The 'fbida' utilities create temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to view files and obtain privileged information. The attacker may also perform symlink attacks, overwriting arbitrary files in the context of the affected application.
A successful attack would most likely result in loss of confidentiality and theft of privileged information. Successful exploitation of a symlink attack may allow an attacker to overwrite sensitive files. This may result in a denial of service; other attacks may also be possible.
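The class of bug described above, shown as an added shell sketch that is not fbgs code and not part of the advisory: a predictable work-directory name in a shared temp directory beside a `mktemp -d` replacement and an ownership check. The `viewer-` prefix and all function names are hypothetical.

```shell
#!/bin/sh
# Constructed example, not taken from fbida/fbgs. Names are hypothetical.

# Weak pattern: the name is derived from the PID inside a world-writable
# directory, so another local user can predict it and create the path first
# (for instance as a symlink). mkdir -p does not fail if the path exists.
make_workdir_weak() {
    dir="${TMPDIR:-/tmp}/viewer-$$"
    mkdir -p "$dir"
    printf '%s\n' "$dir"
}

# Hardened pattern: mktemp -d chooses an unpredictable name, creates the
# directory atomically with mode 0700, and fails instead of reusing a path.
make_workdir_safe() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/viewer-XXXXXXXX") || return 1
    printf '%s\n' "$dir"
}

# Defensive check before writing: the path must be a real directory (not a
# symlink), owned by the current user, with no group/other permissions.
workdir_is_private() {
    [ -d "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    case $(ls -ld "$1") in
        drwx------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Typical use: create, verify, and always clean up on exit.
work=$(make_workdir_safe) || exit 1
trap 'rm -rf "$work"' EXIT
workdir_is_private "$work" && echo "private work dir: $work"
```

Scripts that cannot use `mktemp` can still refuse to continue when `workdir_is_private` fails on a directory they did not create themselves.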
Exploit / POC
An exploit is not required.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Please see the references for more information and vendor advisories.
fbida fbida 2.01
- Debian exiftran_2.01-1.2sarge1_alpha.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_alpha.deb
- Debian exiftran_2.01-1.2sarge1_amd64.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_amd64.deb
- Debian exiftran_2.01-1.2sarge1_arm.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_arm.deb
- Debian exiftran_2.01-1.2sarge1_hppa.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_hppa.deb
- Debian exiftran_2.01-1.2sarge1_i386.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_i386.deb
- Debian exiftran_2.01-1.2sarge1_ia64.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_ia64.deb
- Debian exiftran_2.01-1.2sarge1_m68k.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_m68k.deb
- Debian exiftran_2.01-1.2sarge1_mips.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_mips.deb
- Debian exiftran_2.01-1.2sarge1_mipsel.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_mipsel.deb
- Debian exiftran_2.01-1.2sarge1_powerpc.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_powerpc.deb
- Debian exiftran_2.01-1.2sarge1_s390.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_s390.deb
- Debian exiftran_2.01-1.2sarge1_sparc.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_sparc.deb
- Debian fbi_2.01-1.2sarge1_alpha.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_alpha.deb
- Debian fbi_2.01-1.2sarge1_amd64.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_amd64.deb
- Debian fbi_2.01-1.2sarge1_arm.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_arm.deb
- Debian fbi_2.01-1.2sarge1_hppa.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_hppa.deb
- Debian fbi_2.01-1.2sarge1_i386.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_i386.deb
- Debian fbi_2.01-1.2sarge1_ia64.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_ia64.deb
- Debian fbi_2.01-1.2sarge1_m68k.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_m68k.deb
- Debian fbi_2.01-1.2sarge1_mips.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_mips.deb
- Debian fbi_2.01-1.2sarge1_mipsel.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_mipsel.deb
- Debian fbi_2.01-1.2sarge1_powerpc.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_powerpc.deb
- Debian fbi_2.01-1.2sarge1_s390.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_s390.deb
- Debian fbi_2.01-1.2sarge1_sparc.deb (Debian GNU/Linux 3.1 alias sarge): http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_sparc.deb
References
References:
- fbgs: uses insecure tempfiles (Jan Braun)
- fbida Home Page (fbida)