GNU Ed Insecure Temporary File Creation Vulnerability
BID:22129
Info
| Bugtraq ID: | 22129 |
| Class: | Race Condition Error |
| CVE: | CVE-2006-6939 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 19 2007 12:00AM |
| Updated: | Feb 08 2007 03:28AM |
| Credit: | The vendor reported this vulnerability. |
| Vulnerable: | Trustix Secure Linux 3.0; Trustix Secure Linux 2.2; Trustix Operating System Enterprise Server 2.0; rPath rPath Linux 1; Redhat Fedora Core6; Redhat Fedora Core5; GNU Ed 0.2 |
| Not Vulnerable: | GNU Ed 0.3 |
Discussion
GNU ed creates temporary files in an insecure way.
An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.
Successfully exploiting a symlink attack may allow an attacker to overwrite or corrupt sensitive files. This may result in a denial of service; other attacks may also be possible.
GNU ed 0.3 and prior versions are vulnerable to this issue.
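The symlink problem described above, as an added example that is not code from GNU ed or from this advisory: it contrasts a temp-file open that follows a symlink already sitting at the chosen name with one that refuses to. The naive open pattern, the function names and all file names are assumptions constructed for the demonstration, and everything happens inside a private scratch directory.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Weak pattern (assumed for illustration, not taken from ed's source): a fixed
 * name opened without O_EXCL follows a symlink already present at that path. */
static int open_tmp_naive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails with EEXIST if anything, a symlink included, exists. */
static int open_tmp_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Builds a scratch directory with a "protected" file and a symlink to it at
 * the temp-file name, runs one opener on that name, and returns 1 if the
 * protected file changed, 0 if intact, -1 on setup error (constructed paths). */
int protected_file_clobbered(int hardened) {
    char dir[] = "/tmp/edtmp-demo-XXXXXX";
    char victim[128], tmp[128], buf[32] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/protected.txt", dir);
    snprintf(tmp, sizeof tmp, "%s/ed.tmp", dir);

    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("important", f);
    fclose(f);
    if (symlink(victim, tmp) != 0) return -1;

    int fd = hardened ? open_tmp_excl(tmp) : open_tmp_naive(tmp);
    if (fd >= 0) {
        if (write(fd, "scratch", 7) < 0) perror("write");
        close(fd);
    }
    f = fopen(victim, "r");
    if (f) { fgets(buf, sizeof buf, f); fclose(f); }
    unlink(tmp); unlink(victim); rmdir(dir);
    return strcmp(buf, "important") != 0;
}

int main(void) {
    printf("naive open:  clobbered=%d\n", protected_file_clobbered(0));
    printf("O_EXCL open: clobbered=%d\n", protected_file_clobbered(1));
}
```

In application code, mkstemp() is the usual choice because it combines an unpredictable name with an exclusive create.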
Exploit / POC
An attacker uses readily available commands to exploit the issue.
Solution / Fix
References
- GNU Homepage (GNU)
- ed temporary file symlink race CVE-2006-6939 (rPath)