SuSE Multiple Scripts Insecure Temporary File Handling Symbolic Link Vulnerabilities
BID:9457
Info
SuSE Multiple Scripts Insecure Temporary File Handling Symbolic Link Vulnerabilities
| Bugtraq ID: | 9457 |
| Class: | Race Condition Error |
| CVE: |
CVE-2004-2097 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 20 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Discovery of these vulnerabilities have been credited to l0om <[email protected]>. |
| Vulnerable: |
S.u.S.E. Linux Personal 9.0 |
| Not Vulnerable: | |
Discussion
SuSE Multiple Scripts Insecure Temporary File Handling Symbolic Link Vulnerabilities
Multiple scripts that are shipped with SuSE 9.0 have been reported prone to insecure temporary file creation and symbolic link vulnerabilities. The following scripts have been reported vulnerable:
/usr/X11R6/bin/fvwm-bug
/usr/X11R6/bin/wm-oldmenu2new
/usr/X11R6/bin/x11perfcomp
/usr/X11R6/bin/xf86debug
/opt/kde3/bin/winpopup-send.sh
/sbin/lvmcreate_initrd
An attacker may exploit these issues to corrupt arbitrary files. This corruption may potentially result in the elevation of privileges, or in a system wide denial of service.
Multiple scripts that are shipped with SuSE 9.0 have been reported prone to insecure temporary file creation and symbolic link vulnerabilities. The following scripts have been reported vulnerable:
/usr/X11R6/bin/fvwm-bug
/usr/X11R6/bin/wm-oldmenu2new
/usr/X11R6/bin/x11perfcomp
/usr/X11R6/bin/xf86debug
/opt/kde3/bin/winpopup-send.sh
/sbin/lvmcreate_initrd
An attacker may exploit these issues to corrupt arbitrary files. This corruption may potentially result in the elevation of privileges, or in a system wide denial of service.
Exploit / POC
SuSE Multiple Scripts Insecure Temporary File Handling Symbolic Link Vulnerabilities
There is no exploit required.
There is no exploit required.
Solution / Fix
SuSE Multiple Scripts Insecure Temporary File Handling Symbolic Link Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
SuSE Multiple Scripts Insecure Temporary File Handling Symbolic Link Vulnerabilities
References:
References:
- S.u.S.E. Homepage (S.u.S.E.)
- [SuSE 9.0] possible symlink attacks in some scripts (l0om
) - Re: [SuSE 9.0] possible symlink attacks in some scripts (Thomas Biege
)