SGMLtools Temporary File Permission Vulnerability
BID:2506
Info
| Bugtraq ID: | 2506 |
| Class: | Origin Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 14 2001 12:00AM |
| Updated: | Mar 14 2001 12:00AM |
| Credit: | This vulnerability was first announced to Bugtraq in a RedHat Security Advisory on March 14, 2001. |
| Vulnerable: | Cees De Groot SGMLtools 1.0.9; Cees De Groot SGMLtools 1.0.7 |
| Not Vulnerable: | |
Discussion
SGMLtools was originally written by Cees de Groot. The SGMLtools package is designed to give users a customizable document markup and maintenance interface.
The package contains a vulnerability that could allow file reading, and potentially appending or overwriting. While manipulating documents, the package creates files in the /tmp directory with insecure permissions. This makes it possible to read, and potentially write to, those files while the SGMLtools program is still being used, which could result in the contents being written to the document being created.
This problem makes it possible for a malicious local user to read the contents of a file being created with SGMLtools, and potentially overwrite and corrupt the documents of other users.
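The weak and the hardened way of creating a scratch file in /tmp, as an added C example. It is not SGMLtools code (the page does not show the affected code); the `sgmldemo` file names and the function names are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: guessable name, mode 0666 filtered only by the caller's
 * umask, and no O_EXCL, so a pre-existing file or symlink is reused. */
int create_weak(char *path, size_t len) {
    snprintf(path, len, "/tmp/sgmldemo.%ld", (long)getpid());
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Hardened pattern: mkstemp() picks an unpredictable name and opens it
 * with O_CREAT|O_EXCL, so an existing file or symlink is refused. */
int create_private(char *path, size_t len) {
    snprintf(path, len, "/tmp/sgmldemo.XXXXXX");
    mode_t old = umask(077);  /* guards against old libcs that used 0666 */
    int fd = mkstemp(path);
    umask(old);
    return fd;
}

/* Returns 1 if the open file grants any access to group or others,
 * 0 if it is private to its owner, -1 on error. */
int exposed_to_others(int fd) {
    struct stat st;
    if (fstat(fd, &st) != 0) return -1;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) != 0;
}

int main(void) {
    char weak[64], priv[64];
    umask(022);  /* a common default umask */
    int a = create_weak(weak, sizeof weak);
    int b = create_private(priv, sizeof priv);
    if (a < 0 || b < 0) { perror("create"); return 1; }
    printf("%s exposed=%d\n", weak, exposed_to_others(a));
    printf("%s exposed=%d\n", priv, exposed_to_others(b));
    close(a); close(b);
    unlink(weak); unlink(priv);
    return 0;
}
```

The `exposed_to_others()` check can also be run against descriptors a tool already holds open, to audit its scratch files without changing how it creates them.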
Exploit / POC
To exploit this vulnerability, an attacker must monitor the /tmp file system and the process table for a user of the affected program. Once a user executes the program, the attacker can read and potentially write to the file in the /tmp directory.
Solution / Fix
Solution:
Upgrades available:

Cees De Groot SGMLtools 1.0.7
- Red Hat Inc. 5.2 alpha sgml-tools-1.0.7-1.1.alpha.rpm
  ftp://updates.redhat.com/5.2/alpha/sgml-tools-1.0.7-1.1.alpha.rpm
- Red Hat Inc. 5.2 i386 sgml-tools-1.0.7-1.1.i386.rpm
  ftp://updates.redhat.com/5.2/i386/sgml-tools-1.0.7-1.1.i386.rpm
- Red Hat Inc. 5.2 sparc sgml-tools-1.0.7-1.1.sparc.rpm
  ftp://updates.redhat.com/5.2/sparc/sgml-tools-1.0.7-1.1.sparc.rpm

Cees De Groot SGMLtools 1.0.9
- MandrakeSoft 1.0.1 i386 sgml-tools-1.0.9-8.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/1.0.1/RPMS/sgml-tools-1.0.9-8.2mdk.i586.rpm
- MandrakeSoft 6.0 i386 sgml-tools-1.0.9-3.1mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/6.0/RPMS/sgml-tools-1.0.9-3.1mdk.i586.rpm
- MandrakeSoft 6.1 i386 sgml-tools-1.0.9-3.1mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/6.1/RPMS/sgml-tools-1.0.9-3.1mdk.i586.rpm
- MandrakeSoft 7.1 i386 sgml-tools-1.0.9-8.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.1/RPMS/sgml-tools-1.0.9-8.2mdk.i586.rpm
- MandrakeSoft 7.2 i386 sgml-tools-1.0.9-8.1mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/sgml-tools-1.0.9-8.1mdk.i586.rpm
- Red Hat Inc. 6.2 alpha sgml-tools-1.0.9-6.2.alpha.rpm
  ftp://updates.redhat.com/6.2/alpha/sgml-tools-1.0.9-6.2.alpha.rpm
- Red Hat Inc. 6.2 i386 sgml-tools-1.0.9-6.2.i386.rpm
  ftp://updates.redhat.com/6.2/i386/sgml-tools-1.0.9-6.2.i386.rpm
- Red Hat Inc. 6.2 sparc sgml-tools-1.0.9-6.2.sparc.rpm
  ftp://updates.redhat.com/6.2/sparc/sgml-tools-1.0.9-6.2.sparc.rpm
- Red Hat Inc. 7.0 alpha sgml-tools-1.0.9-9.alpha.rpm
  ftp://updates.redhat.com/7.0/alpha/sgml-tools-1.0.9-9.alpha.rpm
- Red Hat Inc. 7.0 i386 sgml-tools-1.0.9-9.i386.rpm
  ftp://updates.redhat.com/7.0/i386/sgml-tools-1.0.9-9.i386.rpm