newsgate 'mkmailpost' Insecure Temporary File Creation Vulnerability
BID:30932
Info
| Bugtraq ID: | 30932 |
| Class: | Design Error |
| CVE: | CVE-2008-4975 |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 24 2008 12:00AM |
| Updated: | May 07 2015 05:24PM |
| Credit: | Dmitry E. Oboukhov |
| Vulnerable: | Debian newsgate 1.6, Debian Linux 4.0 sparc, Debian Linux 4.0 s/390, Debian Linux 4.0 powerpc, Debian Linux 4.0 mipsel, Debian Linux 4.0 mips, Debian Linux 4.0 m68k, Debian Linux 4.0 ia-64, Debian Linux 4.0 ia-32, Debian Linux 4.0 hppa, Debian Linux 4.0 arm, Debian Linux 4.0 amd64, Debian Linux 4.0 alpha, Debian Linux 4.0 |
| Not Vulnerable: | |
Discussion
The 'newsgate' package creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
This issue affects newsgate 1.6; other versions may also be affected.
Exploit / POC
An attacker uses readily available commands to exploit this issue.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- #496437 - The possibility of attack with the help of symlinks in some Debian pac (Dmitry E. Oboukhov)
- Insecure tmp files in Debian packages (Dmitry E. Oboukhov)
- newsgate Homepage (Debian)