Xastir Insecure Temporary File Creation Vulnerabilities

Bugtraq ID:	31030
Class:	Design Error
CVE:	CVE-2008-4987
Remote:	No
Local:	Yes
Published:	Sep 05 2008 12:00AM
Updated:	May 07 2015 05:24PM
Credit:	Dmitry E. Oboukhov
Vulnerable:	XASTIR XASTIR 1.9.2 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0
Not Vulnerable:

Xastir Insecure Temporary File Creation Vulnerabilities

Xastir creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Xastir Insecure Temporary File Creation Vulnerabilities

An attacker uses readily available commands to exploit these issues.

Xastir Insecure Temporary File Creation Vulnerabilities

Solution:
Updates are available. Please see the references for more information.

Xastir Insecure Temporary File Creation Vulnerabilities

References:

• Debian Bug report logs - #496390 (Dmitry E. Oboukhov)
  
• Insecure tmp files in Debian packages (Dmitry E. Oboukhov)
  
• XASTIR Homepage (XASTIR)