Avast! Linux Home Edition Insecure Temporary File Creation Vulnerability
BID:17535
Info
Avast! Linux Home Edition Insecure Temporary File Creation Vulnerability
| Bugtraq ID: | 17535 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 14 2006 12:00AM |
| Updated: | Apr 17 2006 10:51PM |
| Credit: | This vulnerability was discovered by Julien L. <[email protected]>. |
| Vulnerable: |
Avast! Avast! Linux Home Edition 1.0.5 Avast! Avast! Linux Home Edition 1.0.5-1 |
| Not Vulnerable: | |
Discussion
Avast! Linux Home Edition Insecure Temporary File Creation Vulnerability
Avast! Linux Home Edition creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to view files and obtain privileged information. The attacker may also perform symlink attacks, overwriting arbitrary files in the context of the affected application.
A successful attack would most likely result in loss of confidentiality and theft of privileged information. Successful exploitation of a symlink attack may allow an attacker to overwrite sensitive files. This may result in a denial of service; other attacks may also be possible.
Avast! Linux Home Edition creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to view files and obtain privileged information. The attacker may also perform symlink attacks, overwriting arbitrary files in the context of the affected application.
A successful attack would most likely result in loss of confidentiality and theft of privileged information. Successful exploitation of a symlink attack may allow an attacker to overwrite sensitive files. This may result in a denial of service; other attacks may also be possible.
Exploit / POC
Avast! Linux Home Edition Insecure Temporary File Creation Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
Avast! Linux Home Edition Insecure Temporary File Creation Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
Avast! Linux Home Edition Insecure Temporary File Creation Vulnerability
References:
References:
- Avast! Linux Home Edition (Avast!)
- Avast Linux Home Edition (vulnerability on a temporary folder creation) ("Julien L."