Lookup Insecure Temporary File Creation Vulnerability

Bugtraq ID:	23026
Class:	Race Condition Error
CVE:	CVE-2007-0237
Remote:	No
Local:	Yes
Published:	Mar 19 2007 12:00AM
Updated:	Dec 18 2007 08:04PM
Credit:	Tatsuya Kinoshita discovered this vulnerability.
Vulnerable:	Lookup Lookup 1.4 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1
Not Vulnerable:

Lookup Insecure Temporary File Creation Vulnerability

Lookup creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully exploiting a symlink attack may allow the attacker to overwrite or corrupt sensitive files. This may result in a denial of service; other attacks may also be possible.

Lookup version 1.4 is vulnerable to this issue; other versions may also be affected.

Lookup Insecure Temporary File Creation Vulnerability

An attacker uses readily available commands to exploit the issue.

Lookup Insecure Temporary File Creation Vulnerability

Solution:
Please see the references for more information.

Lookup Insecure Temporary File Creation Vulnerability

References:

• Lookup-el Debian package page (Debian)