R 'javareconf' Insecure Temporary File Creation Vulnerability
BID:30878
Info
| Bugtraq ID: | 30878 |
| Class: | Design Error |
| CVE: | CVE-2008-3931 |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 24 2008 12:00AM |
| Updated: | Apr 13 2015 09:55PM |
| Credit: | Dmitry E. Oboukhov |
| Vulnerable: | R Foundation R 2.7.2; Mandriva Linux Mandrake 2008.1 x86_64; Mandriva Linux Mandrake 2008.1; Mandriva Linux Mandrake 2008.0 x86_64; Mandriva Linux Mandrake 2008.0; Gentoo Linux |
| Not Vulnerable: | |
Discussion
R creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
R 2.7.2 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker uses readily available commands to exploit this issue.
Solution / Fix
Solution:
Vendor updates are available. Please see the references for more information.
Mandriva Linux Mandrake 2008.1 x86_64
- Mandriva lib64Rmath-2.6.2-3.1mdv2008.1.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64Rmath-devel-2.6.2-3.1mdv2008.1.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva R-base-2.6.2-3.1mdv2008.1.x86_64.rpm
  http://www.mandriva.com/en/download/
Mandriva Linux Mandrake 2008.0 x86_64
- Mandriva lib64Rmath-2.5.1-3.1mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64Rmath-devel-2.5.1-3.1mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva R-base-2.5.1-3.1mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/
Mandriva Linux Mandrake 2008.1
- Mandriva libRmath-2.6.2-3.1mdv2008.1.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libRmath-devel-2.6.2-3.1mdv2008.1.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva R-base-2.6.2-3.1mdv2008.1.i586.rpm
  http://www.mandriva.com/en/download/
Mandriva Linux Mandrake 2008.0
- Mandriva libRmath-2.5.1-3.1mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libRmath-devel-2.5.1-3.1mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva R-base-2.5.1-3.1mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/
References
References: