linuxconf /tmp File Race Condition Vulnerability
BID:2186
Info
| Bugtraq ID: | 2186 |
| Class: | Race Condition Error |
| CVE: | CVE-1999-1328 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 10 2001 12:00AM |
| Updated: | Jan 10 2001 12:00AM |
| Credit: | This vulnerability was first announced by Greg KH <[email protected]> on January 10, 2001 via Bugtraq. |
| Vulnerable: | Wirex Immunix OS 7.0 -Beta, Redhat Linux 7.0 |
| Not Vulnerable: | |
Discussion
linuxconf is a powerful configuration tool available for various distributions of the Linux operating system. It contains a flaw that could potentially allow a race condition and symbolic link attack.
The problem occurs in the creation of /tmp files by linuxconf. The vpop3d program, which is part of the linuxconf package, creates /tmp files in an insecure manner under some circumstances. A local user could guess the name of a future /tmp file and create a symbolic link with that name, pointing to a file writable by the user executing linuxconf, which is normally root. A malicious user could potentially use this vulnerability to overwrite or append to system files.
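The class of bug described above, as an added example: this is not code from linuxconf or vpop3d, whose source this page does not show. The function names and the scratch paths are constructed for illustration. It contrasts a guessable-name open with an exclusive create and with mkstemp(), and checks the result against a symlink planted in a private directory.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Insecure pattern (illustrative): fixed, guessable name. open() follows a
 * symlink already present at that path and truncates whatever it points to. */
int open_tmp_insecure(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: with O_CREAT|O_EXCL, open() fails with EEXIST if anything,
 * including a symlink, already exists at the path. */
int open_tmp_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

static off_t size_of(const char *p) {
    struct stat st; return stat(p, &st) == 0 ? st.st_size : -1;
}

/* Runs both opens against a pre-existing symlink in a private scratch dir.
 * Returns 1 if the exclusive open refused and the link target stayed intact. */
int demo(void) {
    char dir[] = "/tmp/tmprace-XXXXXX", target[64], tmpname[64], rnd[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);   /* constructed names */
    snprintf(tmpname, sizeof tmpname, "%s/app.tmp", dir);
    snprintf(rnd, sizeof rnd, "%s/app.XXXXXX", dir);
    int fd = open(target, O_WRONLY | O_CREAT, 0600);
    int ok = fd >= 0 && write(fd, "keep", 4) == 4;
    close(fd);
    ok = ok && symlink(target, tmpname) == 0;
    fd = open_tmp_exclusive(tmpname);          /* must be refused */
    ok = ok && fd < 0 && errno == EEXIST && size_of(target) == 4;
    fd = open_tmp_insecure(tmpname);           /* follows the link */
    ok = ok && fd >= 0 && size_of(target) == 0;
    close(fd);
    fd = mkstemp(rnd);      /* preferred: random name, O_EXCL, mode 0600 */
    ok = ok && fd >= 0;
    close(fd);
    unlink(rnd); unlink(tmpname); unlink(target); rmdir(dir);
    return ok;
}
int main(void) { return demo() == 1 ? 0 : 1; }
```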
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].