SKK Openlab SKK Tools skkdic-expr.c Insecure Temporary File Creation Vulnerability
BID:25739
Info
| Bugtraq ID: | 25739 |
| Class: | Design Error |
| CVE: | CVE-2007-3916 |
| Remote: | No |
| Local: | Yes |
| Published: | Sep 19 2007 12:00AM |
| Updated: | Oct 15 2007 05:07PM |
| Credit: | This vulnerability was disclosed in a Debian package changelog. |
| Vulnerable: | SKK Openlab SKK Tools 1.2; Gentoo Linux; Debian Linux 3.1 sparc; Debian Linux 3.1 s/390; Debian Linux 3.1 ppc; Debian Linux 3.1 mipsel; Debian Linux 3.1 mips; Debian Linux 3.1 m68k; Debian Linux 3.1 ia-64; Debian Linux 3.1 ia-32; Debian Linux 3.1 hppa; Debian Linux 3.1 arm; Debian Linux 3.1 amd64; Debian Linux 3.1 alpha; Debian Linux 3.1; Debian Linux 4.0 sparc; Debian Linux 4.0 s/390; Debian Linux 4.0 powerpc; Debian Linux 4.0 mipsel; Debian Linux 4.0 mips; Debian Linux 4.0 m68k; Debian Linux 4.0 ia-64; Debian Linux 4.0 ia-32; Debian Linux 4.0 hppa; Debian Linux 4.0 arm; Debian Linux 4.0 amd64; Debian Linux 4.0 alpha; Debian Linux 4.0 |
| Not Vulnerable: | |
Discussion
SKK Tools creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
This issue affects SKK Tools 1.2; other versions may also be vulnerable.
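The weak and hardened temporary-file patterns side by side, as an added example that is not code from skkdic-expr.c or from this advisory. The file names, scratch directory and helper functions are constructed for illustration; the advisory does not state which call the affected code uses.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: fixed name, no O_EXCL. open() follows a symlink already at
 * `path` and truncates the file it points to. */
static int open_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails with EEXIST if anything (a symlink included)
 * already exists at `path`; mkstemp() adds an unpredictable name. */
static int open_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario in a private scratch directory: "target" holds
 * 9 bytes and "work.tmp" is a pre-existing symlink to it. Returns the
 * size of "target" after the opener ran, or -1 on setup failure. */
static long target_size_after(int (*opener)(const char *)) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", target[64], lnk[64];
    struct stat st;
    long size = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/work.tmp", dir);
    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "important", 9) == 9 && close(fd) == 0 &&
        symlink(target, lnk) == 0) {
        int t = opener(lnk);
        if (t >= 0) close(t);
        if (stat(target, &st) == 0) size = (long)st.st_size;
    }
    unlink(lnk); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    printf("weak open: target is %ld bytes\n", target_size_after(open_weak));
    printf("O_EXCL   : target is %ld bytes\n", target_size_after(open_excl));
    return 0;
}
```

On Linux, the `fs.protected_symlinks` sysctl refuses to follow another user's symlink in a sticky world-writable directory, which limits the weak pattern but does not replace `O_EXCL` or `mkstemp()`.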
Exploit / POC
An attacker uses readily available commands to exploit the issue.
Solution / Fix
Solution:
Please see the references for more information.
References
References:
- CVE-2007-3916 (Debian)
- SKK Openlab Homepage (SKK Openlab)