shadow-utils /etc/default Temp File Race Condition Vulnerability
BID:2196
Info
shadow-utils /etc/default Temp File Race Condition Vulnerability
| Bugtraq ID: | 2196 |
| Class: | Race Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 10 2001 12:00AM |
| Updated: | Jan 10 2001 12:00AM |
| Credit: | This vulnerability was first announced by Greg KH <[email protected]> on January 10, 2001 via Bugtraq. |
| Vulnerable: |
Wirex Immunix OS 7.0 -Beta Redhat Linux 7.0 Mandriva Linux Mandrake 7.2 Mandriva Linux Mandrake 7.1 Mandriva Linux Mandrake 7.0 Mandriva Linux Mandrake 6.1 Mandriva Linux Mandrake 6.0 |
| Not Vulnerable: | |
Discussion
shadow-utils /etc/default Temp File Race Condition Vulnerability
shadow-utils is a freely available, open source software package available with most distributions of the Linux Operating System. shadow-utils provides a higher level of security to systems by providing stronger cryptography and secure account management tools.
A problem in the package could create the opportunity for a symbolic link attack. During execution of the passwd program, temporary files are created in the /etc/default directory. The files created in this directory use predictable filenames. In the event of the /etc/default directory being world writable, it is possible to create a range of symbolic links to files owned by another user that could overwrite or append to files that are write-accessible by the UID of the passwd process. This could make it possible for a user with malicious motives to overwrite or append to and corrupt files writable by the UID of the passwd process.
shadow-utils is a freely available, open source software package available with most distributions of the Linux Operating System. shadow-utils provides a higher level of security to systems by providing stronger cryptography and secure account management tools.
A problem in the package could create the opportunity for a symbolic link attack. During execution of the passwd program, temporary files are created in the /etc/default directory. The files created in this directory use predictable filenames. In the event of the /etc/default directory being world writable, it is possible to create a range of symbolic links to files owned by another user that could overwrite or append to files that are write-accessible by the UID of the passwd process. This could make it possible for a user with malicious motives to overwrite or append to and corrupt files writable by the UID of the passwd process.
Exploit / POC
shadow-utils /etc/default Temp File Race Condition Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
shadow-utils /etc/default Temp File Race Condition Vulnerability
Solution:
Upgrades available:
Mandriva Linux Mandrake 6.0
Mandriva Linux Mandrake 6.1
Mandriva Linux Mandrake 7.0
Wirex Immunix OS 7.0 -Beta
Mandriva Linux Mandrake 7.1
Mandriva Linux Mandrake 7.2
Solution:
Upgrades available:
Mandriva Linux Mandrake 6.0
-
MandrakeSoft 6.0 i386 shadow-utils-980403-7.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/6.0/RPMS/shadow-u tils-980403-7.1mdk.i586.rpm
Mandriva Linux Mandrake 6.1
-
MandrakeSoft 6.1 i386 shadow-utils-980403-7.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/6.1/RPMS/shadow-u tils-980403-7.1mdk.i586.rpm
Mandriva Linux Mandrake 7.0
-
MandrakeSoft 7.0 i386 shadow-utils-19990827-4.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/7.0/RPMS/shadow-u tils-19990827-4.1mdk.i586.rpm
Wirex Immunix OS 7.0 -Beta
-
Wirex 7.0 i386 shadow-utils-19990827-18_StackGuard_2.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/shadow-utils-19 990827-18_StackGuard_2.i386.rpm
Mandriva Linux Mandrake 7.1
-
MandrakeSoft 7.1 i386 shadow-utils-19990827-4.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/7.1/RPMS/shadow-u tils-19990827-4.1mdk.i586.rpm
Mandriva Linux Mandrake 7.2
-
MandrakeSoft 7.2 i386 shadow-utils-19990827-8.1mdk.i586.rpm
http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/7.2/RPMS/shadow-u tils-19990827-8.1mdk.i586.rpm
References
shadow-utils /etc/default Temp File Race Condition Vulnerability
References:
References: