RETIRED: AFFLib GetLock Local Race Condition Vulnerability

Bugtraq ID:	23696
Class:	Race Condition Error
CVE:	CVE-2007-2056
Remote:	No
Local:	Yes
Published:	Apr 27 2007 12:00AM
Updated:	Apr 30 2007 09:00PM
Credit:	Timothy D. Morgan is credited with the discovery of this issue.
Vulnerable:	Basis Technology Corp. AFFLIB 2.2.7
Not Vulnerable:	Basis Technology Corp. AFFLIB 2.2.8

RETIRED: AFFLib GetLock Local Race Condition Vulnerability

AFFLIB is prone to a local race-condition vulnerability.

An attacker can exploit this issue to cause arbitrary files to be overwritten. A successful exploit will result in denial-of-service conditions.

Versions prior to 2.2.6 are vulnerable.

UPDATE: This BID is being retired because information provided by the vendor shows that the application is not prone to this vulnerability.

RETIRED: AFFLib GetLock Local Race Condition Vulnerability

To exploit this issue, an attacker must have local interactive access on an affected computer.

RETIRED: AFFLib GetLock Local Race Condition Vulnerability

Solution:
The vendor has released version 2.2.8 to address this issue. Please see the references for more information.


Basis Technology Corp. AFFLIB 2.2.7

• Basis Technology Corp. afflib-2.2.8.tar.gz
  http://www.afflib.org/downloads/afflib-2.2.8.tar.gz

RETIRED: AFFLib GetLock Local Race Condition Vulnerability

References:

• AFFLIB Homepage (AFFLIB)
  
• AFFLIB(TM): Time-of-Check-Time-of-Use File Race (VSR Advisories)