RedHat Linux diskcheck Race Condition Vulnerability
BID:2050
Info
RedHat Linux diskcheck Race Condition Vulnerability
| Bugtraq ID: | 2050 |
| Class: | Race Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 05 2000 12:00AM |
| Updated: | Dec 05 2000 12:00AM |
| Credit: | This vulnerability was first discovered by Stan Bubrouski <[email protected]>, and announced in a Red Hat Inc. Security Advisory on December 4, 2000. |
| Vulnerable: |
Redhat Linux 6.2 sparc Redhat Linux 6.2 i386 Redhat Linux 6.2 alpha Redhat Linux 6.1 sparc Redhat Linux 6.1 i386 Redhat Linux 6.1 alpha Redhat Linux 6.0 sparc Redhat Linux 6.0 alpha Redhat Linux 6.0 |
| Not Vulnerable: | |
Discussion
RedHat Linux diskcheck Race Condition Vulnerability
diskcheck.pl is a perl script included as part of the Red Hat Powertools suite, distributed by Red Hat Inc. A condition exists which could allow a user to corrupt arbitrary files on the system.
The problem occurs in the creation of a file in the /tmp file system. diskcheck.pl is run hourly, and is designed to send an email to the administrator of the system if any filesystem on the system reaches 90% capacity. The mail generated is moved to a file in /tmp labelled diskusagealert.txt.$$, with $$ representing the process number of the job. Due to the design, it is possible for a malicious user to create a symbolic link to another file on the system to which write access is not permitted, and corrupt the integrity of the linked file.
diskcheck.pl is a perl script included as part of the Red Hat Powertools suite, distributed by Red Hat Inc. A condition exists which could allow a user to corrupt arbitrary files on the system.
The problem occurs in the creation of a file in the /tmp file system. diskcheck.pl is run hourly, and is designed to send an email to the administrator of the system if any filesystem on the system reaches 90% capacity. The mail generated is moved to a file in /tmp labelled diskusagealert.txt.$$, with $$ representing the process number of the job. Due to the design, it is possible for a malicious user to create a symbolic link to another file on the system to which write access is not permitted, and corrupt the integrity of the linked file.
Exploit / POC
RedHat Linux diskcheck Race Condition Vulnerability
See discussion.
See discussion.
Solution / Fix
RedHat Linux diskcheck Race Condition Vulnerability
Solution:
Patch available:
Redhat Linux 6.0
Redhat Linux 6.0 alpha
Redhat Linux 6.0 sparc
Redhat Linux 6.1 i386
Redhat Linux 6.1 sparc
Redhat Linux 6.1 alpha
Redhat Linux 6.2 sparc
Redhat Linux 6.2 i386
Redhat Linux 6.2 alpha
Solution:
Patch available:
Redhat Linux 6.0
-
Red Hat Inc. 6.x noarch diskcheck-3.1.1-10.6x.noarch.rpm
ftp://updates.redhat.com/powertools/6.2/noarch/diskcheck-3.1.1-10.6x.n oarch.rpm
Redhat Linux 6.0 alpha
-
Red Hat Inc. 6.x noarch diskcheck-3.1.1-10.6x.noarch.rpm
ftp://updates.redhat.com/powertools/6.2/noarch/diskcheck-3.1.1-10.6x.n oarch.rpm
Redhat Linux 6.0 sparc
-
Red Hat Inc. 6.x noarch diskcheck-3.1.1-10.6x.noarch.rpm
ftp://updates.redhat.com/powertools/6.2/noarch/diskcheck-3.1.1-10.6x.n oarch.rpm
Redhat Linux 6.1 i386
-
Red Hat Inc. 6.x noarch diskcheck-3.1.1-10.6x.noarch.rpm
ftp://updates.redhat.com/powertools/6.2/noarch/diskcheck-3.1.1-10.6x.n oarch.rpm
Redhat Linux 6.1 sparc
-
Red Hat Inc. 6.x noarch diskcheck-3.1.1-10.6x.noarch.rpm
ftp://updates.redhat.com/powertools/6.2/noarch/diskcheck-3.1.1-10.6x.n oarch.rpm
Redhat Linux 6.1 alpha
-
Red Hat Inc. 6.x noarch diskcheck-3.1.1-10.6x.noarch.rpm
ftp://updates.redhat.com/powertools/6.2/noarch/diskcheck-3.1.1-10.6x.n oarch.rpm
Redhat Linux 6.2 sparc
-
Red Hat Inc. 6.x noarch diskcheck-3.1.1-10.6x.noarch.rpm
ftp://updates.redhat.com/powertools/6.2/noarch/diskcheck-3.1.1-10.6x.n oarch.rpm
Redhat Linux 6.2 i386
-
Red Hat Inc. 6.x noarch diskcheck-3.1.1-10.6x.noarch.rpm
ftp://updates.redhat.com/powertools/6.2/noarch/diskcheck-3.1.1-10.6x.n oarch.rpm
Redhat Linux 6.2 alpha
-
Red Hat Inc. 6.x noarch diskcheck-3.1.1-10.6x.noarch.rpm
ftp://updates.redhat.com/powertools/6.2/noarch/diskcheck-3.1.1-10.6x.n oarch.rpm
References
RedHat Linux diskcheck Race Condition Vulnerability
References:
References: