OpenLDAP Gentoo GenCert.SH Script Insecure Temporary File Creation Vulnerability
BID:22195
Info
| Bugtraq ID: | 22195 |
| Class: | Design Error |
| CVE: | CVE-2007-0476 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 23 2007 12:00AM |
| Updated: | May 12 2015 07:35PM |
| Credit: | Tavis Ormandy of the Gentoo Linux Security Team is credited with discovering this issue. |
| Vulnerable: | Gentoo Linux |
| Not Vulnerable: | |
Discussion
OpenLDAP creates temporary files in an insecure way.
An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.
Successfully exploiting a symlink attack may allow an attacker to overwrite or corrupt sensitive files. This may result in a denial of service; other attacks may also be possible.
This issue affects the Gentoo ebuild for OpenLDAP.
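The bug class described above, as an added example that is not the contents of gencert.sh or any code from this advisory. It is a constructed shell sketch in which the fixed name `gencert.tmp` and all function names are assumptions; it compares a predictable-name write with `mktemp` when a link already sits at that path inside a throwaway sandbox.

```sh
#!/bin/sh
# Constructed illustration of the bug class; not the contents of gencert.sh.

# Weak: fixed, guessable name (hypothetical) in a shared directory. The ">"
# redirection follows whatever already exists at that path, links included.
write_predictable() {
    tmp="$1/gencert.tmp"
    printf '%s\n' "$2" > "$tmp" && printf '%s\n' "$tmp"
}

# Hardened: mktemp picks a random name and creates the file itself, failing
# rather than reusing an existing path; the file is created with mode 0600.
write_safe() {
    tmp=$(mktemp "$1/gencert.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp" && printf '%s\n' "$tmp"
}

# Run one writer in a throwaway sandbox where a link already sits at the
# fixed name, then report whether the file behind the link was modified.
symlink_demo() {
    writer=$1
    box=$(mktemp -d) || return 1
    printf 'original\n' > "$box/protected"
    mkdir "$box/tmp"
    ln -s "$box/protected" "$box/tmp/gencert.tmp"
    "$writer" "$box/tmp" "scratch data" >/dev/null
    if [ "$(cat "$box/protected")" = "original" ]; then
        result=intact
    else
        result=clobbered
    fi
    rm -rf "$box"
    printf '%s\n' "$result"
}

symlink_demo write_predictable   # prints: clobbered
symlink_demo write_safe          # prints: intact
```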
Exploit / POC
An attacker can exploit this issue by gaining local interactive access to an affected computer.
Solution / Fix
Solution:
Please see the referenced vendor advisories for information on obtaining fixes.
References
References:
- Gentoo Homepage (Gentoo)
- OpenLDAP Homepage (OpenLDAP)