Legato NetWorker NSR_Shutdown Script Temporary File Symlink Attack Vulnerability
BID:9446
Info
Legato NetWorker NSR_Shutdown Script Temporary File Symlink Attack Vulnerability
| Bugtraq ID: | 9446 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 19 2004 12:00AM |
| Updated: | Jan 19 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to Rene <[email protected]>. |
| Vulnerable: |
Legato NetWorker 6.0 |
| Not Vulnerable: | |
Discussion
Legato NetWorker NSR_Shutdown Script Temporary File Symlink Attack Vulnerability
Legato NetWorker has been reported prone to a Symbolic link vulnerability. The issue presents itself, because a NetWorker script creates temporary files in an insecure manner. To exploit this issue, a local attacker may create many symbolic links in the "tmp" directory, each of these links will point to an arbitrary file that the attacker wishes to target. When the vulnerable script is invoked, operations that were supposed for the temporary file will be carried out on the file that is linked by the malicious symbolic link.
Legato NetWorker has been reported prone to a Symbolic link vulnerability. The issue presents itself, because a NetWorker script creates temporary files in an insecure manner. To exploit this issue, a local attacker may create many symbolic links in the "tmp" directory, each of these links will point to an arbitrary file that the attacker wishes to target. When the vulnerable script is invoked, operations that were supposed for the temporary file will be carried out on the file that is linked by the malicious symbolic link.
Exploit / POC
Legato NetWorker NSR_Shutdown Script Temporary File Symlink Attack Vulnerability
No exploit is required.
No exploit is required.