Netperf Insecure Temporary File Creation Vulnerability
BID:22925
Info
Netperf Insecure Temporary File Creation Vulnerability
| Bugtraq ID: | 22925 |
| Class: | Race Condition Error |
| CVE: |
CVE-2007-1444 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 12 2007 12:00AM |
| Updated: | May 12 2015 07:29PM |
| Credit: | This vulnerability was discovered by Ben Hutchings. |
| Vulnerable: |
Netperf Netperf 2.4.3 |
| Not Vulnerable: | |
Discussion
Netperf Insecure Temporary File Creation Vulnerability
The Netperf 'netperf.debug' file creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
Version 2.4.3 is vulnerable to this issue; other versions may also be affected.
The Netperf 'netperf.debug' file creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
Version 2.4.3 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
Netperf Insecure Temporary File Creation Vulnerability
An attacker uses readily available commands to exploit the issue.
An attacker uses readily available commands to exploit the issue.
Solution / Fix
Netperf Insecure Temporary File Creation Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Netperf Insecure Temporary File Creation Vulnerability
References:
References: