TRAMP Extension For Emacs Multiple Insecure Temporary File Creation Vulnerabilities
BID:26072
Info
| Bugtraq ID: | 26072 |
| Class: | Design Error |
| CVE: | CVE-2007-5377 |
| Remote: | No |
| Local: | Yes |
| Published: | Oct 15 2007 12:00AM |
| Updated: | Mar 13 2008 02:11AM |
| Credit: | Stefan Monnier discovered these issues. |
| Vulnerable: | GNU Tramp 2.1.10 Gentoo Linux |
| Not Vulnerable: | GNU Tramp 2.1.11 |
Discussion
The TRAMP extension for Emacs creates temporary files in an insecure manner.
An attacker with local access could potentially exploit these issues to perform symlink attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
Versions prior to TRAMP 2.1.11 are vulnerable.
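The class of flaw described above, shown as an added Emacs Lisp example: a race-prone temporary file pattern next to atomic alternatives and a post-creation check. This is not code from TRAMP or from this advisory, which does not show the affected code; every `example-*` name is hypothetical.

```elisp
;;; Added illustration only; not code from TRAMP or Emacs.
;;; All example-* names are hypothetical.

(defun example-racy-temp-write (text)
  "Race-prone: pick a name first, create the file in a later step."
  (let ((name (make-temp-name
               (expand-file-name "example." temporary-file-directory))))
    ;; Nothing reserves NAME between the call above and the write below.
    ;; If the path has come into existence as a symlink in the meantime,
    ;; `write-region' follows it and overwrites the link target.
    (write-region text nil name nil 'silent)
    name))

(defun example-atomic-temp-write (text)
  "Safer: `make-temp-file' creates the file exclusively, owner-only."
  (let ((name (make-temp-file "example.")))
    ;; NAME already exists and belongs to us, so this write reuses our file.
    (write-region text nil name nil 'silent)
    name))

(defun example-exclusive-write (text name)
  "When the caller dictates NAME, refuse to reuse an existing path."
  ;; MUSTBENEW = `excl' signals `file-already-exists' rather than
  ;; writing through an existing file or symlink.
  (write-region text nil name nil 'silent nil 'excl)
  name)

(defun example-temp-file-ok-p (name)
  "Return non-nil if NAME is our own non-symlink file, mode 0600 or tighter."
  (let ((attrs (file-attributes name 'integer)))
    (and attrs
         (null (file-symlink-p name))
         (null (nth 0 attrs))          ; nil = neither directory nor symlink
         (= (nth 2 attrs) (user-uid))  ; owner is the current user
         (zerop (logand (file-modes name) #o077)))))
```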
Exploit / POC
To exploit these issues, an attacker uses readily available commands.
Solution / Fix
Solution:
The vendor released TRAMP 2.1.11 to address these issues. Please see the references for more information.
References
References:
- temp file hole? (Stefan Monnier)
- Tramp Homepage (GNU)