inn /tmp File Race Condition Vulnerability
BID:2190
Info
inn /tmp File Race Condition Vulnerability
| Bugtraq ID: | 2190 |
| Class: | Race Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 10 2001 12:00AM |
| Updated: | Jan 10 2001 12:00AM |
| Credit: | This vulnerability was first announced by Greg KH <[email protected]> on January 10, 2001 via Bugtraq. |
| Vulnerable: |
Wirex Immunix OS 7.0 -Beta SCO eServer 2.3 SCO eDesktop 2.4 Redhat Linux 7.0 Mandriva Linux Mandrake 7.2 Mandriva Linux Mandrake 7.1 Mandriva Linux Mandrake 7.0 Mandriva Linux Mandrake 6.1 Mandriva Linux Mandrake 6.0 Debian Linux 2.2 sparc Debian Linux 2.2 arm Debian Linux 2.2 alpha Debian Linux 2.2 68k Debian Linux 2.2 Caldera OpenLinux Desktop 2.3 |
| Not Vulnerable: | |
Discussion
inn /tmp File Race Condition Vulnerability
inn is a freely available, open source Usenet software package maintained and available through the ISC, and packaged with various distributions of the Linux Operating System. A vulnerability exists which could allow a race condition to occur.
The problem occurs in the in the creation and handling of /tmp files by the inn program. Under some circumstances, inn will create files in the /tmp directory that use a predictable filename. In addition, inn may not check for the existance of these files. It is possible to create a range of symbolic links using predicted filenames in the /tmp directory, which could result in a symbolic link attack. This makes it possible for a user with malicious intent to symbolically link a file that's write-accessible by the UID of the inn process, and potentially overwrite or append to and corrupt the linked file.
inn is a freely available, open source Usenet software package maintained and available through the ISC, and packaged with various distributions of the Linux Operating System. A vulnerability exists which could allow a race condition to occur.
The problem occurs in the in the creation and handling of /tmp files by the inn program. Under some circumstances, inn will create files in the /tmp directory that use a predictable filename. In addition, inn may not check for the existance of these files. It is possible to create a range of symbolic links using predicted filenames in the /tmp directory, which could result in a symbolic link attack. This makes it possible for a user with malicious intent to symbolically link a file that's write-accessible by the UID of the inn process, and potentially overwrite or append to and corrupt the linked file.
Exploit / POC
inn /tmp File Race Condition Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
inn /tmp File Race Condition Vulnerability
References:
References: