ARB Multiple Insecure Temporary File Creation Vulnerabilities
BID:30895
Info
| Bugtraq ID: | 30895 |
| Class: | Design Error |
| CVE: | CVE-2008-4941 CVE-2008-5378 |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 28 2008 12:00AM |
| Updated: | Jul 06 2016 02:18PM |
| Credit: | Dmitry E. Oboukhov |
| Vulnerable: | The ARB Project The ARB software 0, Debian Linux 4.0 sparc, Debian Linux 4.0 s/390, Debian Linux 4.0 powerpc, Debian Linux 4.0 mipsel, Debian Linux 4.0 mips, Debian Linux 4.0 m68k, Debian Linux 4.0 ia-64, Debian Linux 4.0 ia-32, Debian Linux 4.0 hppa, Debian Linux 4.0 arm, Debian Linux 4.0 amd64, Debian Linux 4.0 alpha, Debian Linux 4.0 |
| Not Vulnerable: | |
Discussion
ARB creates temporary files in an insecure manner.
An attacker with local access could potentially exploit these issues to perform symlink attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
ARB 0.0.20071207 is vulnerable; other versions may also be affected.
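The bug class described above, shown as an added example that is not ARB's code and not part of the original advisory: a write to a fixed name in a shared directory beside the `mktemp` form. The file name `demo.tmp`, the function names and the scratch-directory layout are constructed for the illustration.

```shell
#!/bin/sh
# Constructed demo: everything happens inside a private scratch directory.

# Vulnerable pattern: fixed, predictable name in a shared directory.
# The redirection follows whatever already exists at that path,
# including a symbolic link to another file.
write_predictable() {    # $1 = shared dir, $2 = data
    printf '%s\n' "$2" > "$1/demo.tmp"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the
# file atomically (O_CREAT|O_EXCL, mode 0600), so an existing link at a
# guessed path is never opened.
write_mktemp() {         # $1 = shared dir, $2 = data; prints the path used
    f=$(mktemp "$1/demo.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$f"
    printf '%s\n' "$f"
}

# Runs one writer against a directory where the predictable name is
# already a link to another file; prints "clobbered" or "intact".
run_case() {             # $1 = writer function name
    scratch=$(mktemp -d) || return 1
    printf 'important\n' > "$scratch/victim"
    mkdir "$scratch/shared"
    ln -s "$scratch/victim" "$scratch/shared/demo.tmp"
    "$1" "$scratch/shared" "scratch data" > /dev/null
    if [ "$(cat "$scratch/victim")" = "important" ]; then
        r=intact
    else
        r=clobbered
    fi
    rm -rf "$scratch"
    printf '%s\n' "$r"
}

echo "predictable name: $(run_case write_predictable)"
echo "mktemp:           $(run_case write_mktemp)"
```

When auditing scripts for this class of issue, look for redirections or `touch`/`cp` targets under `/tmp` whose names are constant or derived only from `$$`.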
Exploit / POC
An attacker uses readily available commands to exploit these issues.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Insecure tmp files in Debian packages (Dmitry E. Oboukhov)
- Re: Possible mass bug filing: The possibility of attack with the help of symlink (Dmitry E. Oboukhov)
- Vendor Homepage (The ARB Project)