Mgetty 'faxspool' Insecure Temporary File Creation Vulnerability

Bugtraq ID:	30927
Class:	Design Error
CVE:	CVE-2008-4936
Remote:	No
Local:	Yes
Published:	Aug 29 2008 12:00AM
Updated:	Dec 11 2008 03:31AM
Credit:	Dmitry E. Oboukhov
Vulnerable:	Gert Doering mgetty 1.1.36 Gentoo Linux Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0
Not Vulnerable:

Mgetty 'faxspool' Insecure Temporary File Creation Vulnerability

Mgetty creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Mgetty 1.1.36 is vulnerable; other versions may also be affected.

Mgetty 'faxspool' Insecure Temporary File Creation Vulnerability

An attacker uses readily available commands to exploit this issue.

Mgetty 'faxspool' Insecure Temporary File Creation Vulnerability

Solution:
Updates are available. Please see the references for more information.

Mgetty 'faxspool' Insecure Temporary File Creation Vulnerability

References:

• #496403 - The possibility of attack with the help of symlinks in some Debian pac (Dmitry E. Oboukhov)
  
• Insecure tmp files in Debian packages (Dmitry E. Oboukhov)
  
• Mgetty Homepage (Gert Doering)