Linux Security Auditing Tool Insecure Temporary File Creation Vulnerability
BID:23014
Info
Linux Security Auditing Tool Insecure Temporary File Creation Vulnerability
| Bugtraq ID: | 23014 |
| Class: | Race Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 19 2007 12:00AM |
| Updated: | Mar 19 2007 06:24PM |
| Credit: | This vulnerability was disclosed by the vendor. |
| Vulnerable: |
Linux Security Auditing Tool Linux Security Auditing Tool 0.9.2 Gentoo Linux |
| Not Vulnerable: | |
Discussion
Linux Security Auditing Tool Insecure Temporary File Creation Vulnerability
The Linux Security Auditing Tool creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
Version 0.9.2 is vulnerable to this issue; other versions may also be affected.
The Linux Security Auditing Tool creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
Version 0.9.2 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
Linux Security Auditing Tool Insecure Temporary File Creation Vulnerability
An attacker uses readily available commands to exploit the issue.
An attacker uses readily available commands to exploit the issue.
Solution / Fix
Linux Security Auditing Tool Insecure Temporary File Creation Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Linux Security Auditing Tool Insecure Temporary File Creation Vulnerability
References:
References:
- Linux Security Auditing Tool Homepage (Linux Security Auditing Tool)