FreeRADIUS Dialup Admin Insecure Temporary File Creation Vulnerabilities
BID:30901
Info
| Bugtraq ID: | 30901 |
| Class: | Design Error |
| CVE: | CVE-2008-4474 |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 24 2008 12:00AM |
| Updated: | Dec 18 2008 11:31PM |
| Credit: | Dmitry E. Oboukhov |
| Vulnerable: | SuSE Linux 11; SuSE Linux 10.3; SuSE Linux 10.2; Pardus Linux 2008 0; FreeRADIUS FreeRADIUS 2.0.4 |
| Not Vulnerable: | |
Discussion
FreeRADIUS creates temporary files in an insecure manner. The issues affect the Dialup Admin tools.
An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
The issue affects FreeRADIUS 2.0.4; other versions may also be affected.
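The class of bug described above, next to two standard ways to avoid it, as an added example that is not part of the original advisory and is not FreeRADIUS code. The function names, the file name `report.tmp` and the sandbox layout are constructed for illustration; a POSIX shell with `mktemp` is assumed.

```shell
#!/bin/sh
# Added illustration; every name below is constructed, none is FreeRADIUS code.

# Weak: a fixed name in a shared directory. '>' follows a symlink that is
# already at that path and truncates whatever it points to.
write_weak() {       # $1 = predictable path, $2 = data
    printf '%s\n' "$2" > "$1"
}

# Hardened 1: mktemp picks an unpredictable name and creates the file
# atomically with owner-only permissions. Prints the path it created.
write_mktemp() {     # $1 = directory, $2 = data
    f=$(mktemp "$1/report.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$f" && printf '%s\n' "$f"
}

# Hardened 2: if a fixed name is unavoidable, noclobber (set -C) makes the
# redirect fail when the path already names a regular file, directly or
# through a symlink.
write_noclobber() {  # $1 = path, $2 = data
    ( set -C; printf '%s\n' "$2" > "$1" ) 2>/dev/null
}

# Self-check inside a private directory: place a symlink at the predictable
# name, run each writer, and report what happened to the link target.
selfcheck() {
    box=$(mktemp -d) || return 1
    printf 'original\n' > "$box/target"
    ln -s "$box/target" "$box/report.tmp"

    write_weak "$box/report.tmp" "x"
    weak=$(cat "$box/target")               # "x": the link was followed
    printf 'original\n' > "$box/target"     # restore for the next checks

    if write_noclobber "$box/report.tmp" "x"; then refused=no; else refused=yes; fi
    nc=$(cat "$box/target")

    new=$(write_mktemp "$box" "x")
    mk=$(cat "$box/target")
    if [ -f "$new" ] && [ ! -L "$new" ]; then regular=yes; else regular=no; fi

    rm -rf "$box"
    printf 'weak=%s noclobber=%s refused=%s mktemp=%s regular=%s\n' \
        "$weak" "$nc" "$refused" "$mk" "$regular"
}
```

Running `selfcheck` after sourcing the block prints one summary line; only the weak writer changes the link target.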
Exploit / POC
An attacker uses readily available commands to exploit these issues.
Solution / Fix
Solution:
Fixes are available. Please see the references for more information.
References
References:
- #496389 The possibility of attack with the help of symlinks in some Debian packa (Debian)
- FreeRADIUS Homepage (FreeRADIUS)
- Package: freeradius-dialupadmin (2.0.4+dfsg-5) (Debian)
- Dialup Admin Administration interface (FreeRADIUS)