lio-utils Debug Mode Insecure Temporary File Creation Vulnerability
BID:51242
Info
| Bugtraq ID: | 51242 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 03 2012 12:00AM |
| Updated: | Jan 03 2012 12:00AM |
| Credit: | Aurelien Jarno |
| Vulnerable: | lio-utils lio-utils 4.1 |
| Not Vulnerable: | |
Discussion
lio-utils is prone to a vulnerability because it creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symbolic-link attacks.
Successfully mounting a symlink attack may allow the attacker to corrupt sensitive files or gain access to sensitive information. Other attacks may also be possible.
lio-utils 4.1 is vulnerable; other versions may also be affected.
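The class of bug described above, shown next to a hardened form. This is an added example, not code from lio-utils or from the advisory; the file names (`tool-debug.log`, `important.conf`) are hypothetical, and a private temporary directory stands in for a shared location such as /tmp.

```python
import os
import stat
import tempfile


def naive_debug_open(path):
    # Insecure pattern: a fixed, predictable name opened with plain open().
    # open() follows symlinks and truncates whatever the link points to.
    return open(path, "w")


def safe_debug_open(path):
    # O_CREAT|O_EXCL fails if anything already exists at the path, including
    # a symlink; O_NOFOLLOW refuses a link as the final path component;
    # mode 0600 keeps the debug output private to the owner.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    return os.fdopen(os.open(path, flags, 0o600), "w")


def demo():
    results = {}
    with tempfile.TemporaryDirectory() as shared:  # stand-in for /tmp
        victim = os.path.join(shared, "important.conf")  # constructed file
        with open(victim, "w") as f:
            f.write("keep me\n")
        debug_path = os.path.join(shared, "tool-debug.log")  # hypothetical
        os.symlink(victim, debug_path)  # link already present at the path

        # Hardened open refuses the pre-existing link; the target is untouched.
        try:
            safe_debug_open(debug_path).close()
            results["safe_refused"] = False
        except FileExistsError:
            results["safe_refused"] = True
        with open(victim) as f:
            results["victim_after_safe"] = f.read()

        # Naive open writes through the link and overwrites the target.
        with naive_debug_open(debug_path) as f:
            f.write("debug output\n")
        with open(victim) as f:
            results["victim_after_naive"] = f.read()

        # Preferred form: let mkstemp pick an unpredictable name atomically.
        fd, _private = tempfile.mkstemp(prefix="tool-debug-", dir=shared)
        results["mkstemp_mode"] = stat.S_IMODE(os.fstat(fd).st_mode)
        os.close(fd)
    return results


if __name__ == "__main__":
    print(demo())
```
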
Exploit / POC
An attacker can use readily available commands to exploit this issue.
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- lio-utils Homepage (RisingTide Systems)
- lio-utils: debug is enabled by default, allowing symlink attacks (Aurelien Jarno)