Linux Mint Multiple Insecure Temporary File Creation Vulnerabilities

Bugtraq ID:	52562
Class:	Design Error
CVE:	CVE-2012-1566 CVE-2012-1567
Remote:	No
Local:	Yes
Published:	Mar 19 2012 12:00AM
Updated:	Mar 19 2012 12:00AM
Credit:	mscherer
Vulnerable:	Linux Mint Linux Mint 9 Linux Mint Linux Mint 8 Linux Mint Linux Mint 12 Linux Mint Linux Mint 11 Linux Mint Linux Mint 10
Not Vulnerable:

Linux Mint Multiple Insecure Temporary File Creation Vulnerabilities

Linux Mint is prone to multiple insecure temporary file-creation vulnerabilities.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks.

Successfully mounting a symbolic attack may allow the attacker to delete or modify sensitive files. Other attacks may also be possible.

Linux Mint Multiple Insecure Temporary File Creation Vulnerabilities

An attacker uses readily available commands to exploit these issues.

Linux Mint Multiple Insecure Temporary File Creation Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Linux Mint Multiple Insecure Temporary File Creation Vulnerabilities

References:

• Linux Mint Homepage (Linux Mint)
  
• LinuxMint - temp file creation vulns in mintNanny and mintUpdate (Kurt Seifried)