FCheck Insecure Temporary File Creation Vulnerability
BID:17524
Info
FCheck Insecure Temporary File Creation Vulnerability
| Bugtraq ID: | 17524 |
| Class: | Design Error |
| CVE: |
CVE-2006-1753 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 15 2006 12:00AM |
| Updated: | Apr 17 2006 09:01PM |
| Credit: | This vulnerability was discovered by Steve Kemp. |
| Vulnerable: |
FCheck fcheck 2.7.59 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 |
| Not Vulnerable: | |
Discussion
FCheck Insecure Temporary File Creation Vulnerability
FCheck creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to view files and obtain privileged information. The attacker may also perform symlink attacks, overwriting arbitrary files in the context of the affected application.
A successful attack would most likely result in loss of confidentiality and theft of privileged information. Successful exploitation of a symlink attack may allow an attacker to overwrite sensitive files. This may result in a denial of service; other attacks may also be possible.
FCheck creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to view files and obtain privileged information. The attacker may also perform symlink attacks, overwriting arbitrary files in the context of the affected application.
A successful attack would most likely result in loss of confidentiality and theft of privileged information. Successful exploitation of a symlink attack may allow an attacker to overwrite sensitive files. This may result in a denial of service; other attacks may also be possible.
Exploit / POC
FCheck Insecure Temporary File Creation Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
FCheck Insecure Temporary File Creation Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
Please see the references for vendor advisories and fixes.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
Please see the references for vendor advisories and fixes.
References
FCheck Insecure Temporary File Creation Vulnerability
References:
References: