LMbench Insecure Temporary File Creation Vulnerabilities
BID:30913
Info
LMbench Insecure Temporary File Creation Vulnerabilities
| Bugtraq ID: | 30913 |
| Class: | Design Error |
| CVE: |
CVE-2008-4968 |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 24 2008 12:00AM |
| Updated: | Sep 10 2009 07:11PM |
| Credit: | Dmitry E. Oboukhov |
| Vulnerable: |
LMbench LMbench 3.0 Gentoo Linux |
| Not Vulnerable: | |
Discussion
LMbench Insecure Temporary File Creation Vulnerabilities
LMbench creates temporary files in an insecure manner because of multiple vulnerabilities.
An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
LMbench 3.0 is vulnerable; other versions may also be affected.
LMbench creates temporary files in an insecure manner because of multiple vulnerabilities.
An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
LMbench 3.0 is vulnerable; other versions may also be affected.
Exploit / POC
LMbench Insecure Temporary File Creation Vulnerabilities
An attacker uses readily available commands to exploit these issues.
An attacker uses readily available commands to exploit these issues.
Solution / Fix
LMbench Insecure Temporary File Creation Vulnerabilities
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
LMbench Insecure Temporary File Creation Vulnerabilities
References:
References:
- #496427 - The possibility of attack with the help of symlinks in some Debian pac (Dmitry E. Oboukhov)
- LMbench Homepage (LMbench)