CoolKey PK11IPC1 Insecure Temporary File Creation Vulnerability
BID:26369
Info
CoolKey PK11IPC1 Insecure Temporary File Creation Vulnerability
| Bugtraq ID: | 26369 |
| Class: | Race Condition Error |
| CVE: |
CVE-2007-4129 |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 07 2007 12:00AM |
| Updated: | Nov 07 2007 09:45PM |
| Credit: | Steve Grubb is credited with the discovery of this vulnerability. |
| Vulnerable: |
Redhat Enterprise Linux Desktop Workstation 5 client Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux 5 Server CoolKey CoolKey 1.0.1 CoolKey CoolKey 1.0 |
| Not Vulnerable: |
CoolKey CoolKey 1.1 |
Discussion
CoolKey PK11IPC1 Insecure Temporary File Creation Vulnerability
CoolKey creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symbolic-link attacks to alter the permissions of an arbitrary attacker-specified file, such as '/etc/shadow'. This could facilitate a complete compromise of the affected computer.
CoolKey creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symbolic-link attacks to alter the permissions of an arbitrary attacker-specified file, such as '/etc/shadow'. This could facilitate a complete compromise of the affected computer.
Exploit / POC
CoolKey PK11IPC1 Insecure Temporary File Creation Vulnerability
An attacker uses readily available commands to exploit the issue.
An attacker uses readily available commands to exploit the issue.
Solution / Fix
CoolKey PK11IPC1 Insecure Temporary File Creation Vulnerability
Solution:
The vendor released an update to address this issue. Please see the references for more information.
CoolKey CoolKey 1.0
CoolKey CoolKey 1.0.1
Solution:
The vendor released an update to address this issue. Please see the references for more information.
CoolKey CoolKey 1.0
-
CoolKey coolkey-1.1.0.tar.gz
http://directory.fedora.redhat.com/download/coolkey/coolkey-1.1.0.tar. gz
CoolKey CoolKey 1.0.1
-
CoolKey coolkey-1.1.0.tar.gz
http://directory.fedora.redhat.com/download/coolkey/coolkey-1.1.0.tar. gz
References
CoolKey PK11IPC1 Insecure Temporary File Creation Vulnerability
References:
References:
- CoolKey Homepage (CoolKey)
- Red Hat Security Advisory RHSA-2007:0631-4 (Red Hat )