Synaesthesia Insecure File Creation Vulnerability
BID:9713
Info
| Bugtraq ID: | 9713 |
| Class: | Environment Error |
| CVE: | CVE-2004-0160 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 22 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | Discovery of this issue is credited to Ulf Harnhammar. |
| Vulnerable: | Synaesthesia Synaesthesia 2.2, Synaesthesia Synaesthesia 2.1.2, Synaesthesia Synaesthesia 2.1.1, Synaesthesia Synaesthesia 2.1 .0 |
| Not Vulnerable: | |
Discussion
An insecure file creation vulnerability exists in Synaesthesia. The issue arises because the process creates a configuration file while running with root privileges.
A local attacker could exploit this issue by creating a symbolic link with the name of the insecurely created file pointing to a target system file. When Synaesthesia is executed, it writes to the configuration file through the symbolic link, potentially destroying sensitive data, which could result in denial of service.
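The following is an added example, not Synaesthesia's code or the Debian patch: one way for a privileged process to write a configuration file so that a symbolic link planted at that name is refused rather than followed. The function name `write_config_safely` and the command-line path are hypothetical, and Linux `open()` semantics are assumed.

```c
/* Added example: symlink-safe config write. Names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write `data` to the config file at `path` without following a symlink
 * planted at that name. Returns 0 on success, -1 on refusal or error. */
int write_config_safely(const char *path, const char *data)
{
    /* O_NOFOLLOW: open() fails if the final path component is a symlink.
     * No O_TRUNC: nothing is destroyed before the checks below pass. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;

    struct stat st;
    /* fstat() inspects the object actually opened, so there is no
     * check-then-open race. Reject non-regular files, files with extra
     * hard links, and files owned by a different user. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }

    size_t len = strlen(data);
    int ok = ftruncate(fd, 0) == 0 && write(fd, data, len) == (ssize_t)len;
    if (close(fd) != 0)
        ok = 0;
    return ok ? 0 : -1;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s CONFIG_PATH\n", argv[0]);
        return 2;
    }
    /* "width 320\n" is a constructed sample setting, not a real option. */
    if (write_config_safely(argv[1], "width 320\n") != 0) {
        perror("refusing to write config");
        return 1;
    }
    return 0;
}
```

`O_NOFOLLOW` only guards the final path component, so a program that does not need root to write its configuration is better off dropping privileges before touching the file at all.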
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Debian has released advisory DSA 446-1 dealing with this issue. Please see the referenced advisory for more information.
Fixes:
Synaesthesia Synaesthesia 2.1 .0
- Debian synaesthesia_2.1-2.1woody1_alpha.deb
  http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody1_alpha.deb
- Debian synaesthesia_2.1-2.1woody1_arm.deb
  http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody1_arm.deb
- Debian synaesthesia_2.1-2.1woody1_hppa.deb
  http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody1_hppa.deb
- Debian synaesthesia_2.1-2.1woody1_i386.deb
  http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody1_i386.deb
- Debian synaesthesia_2.1-2.1woody1_m68k.deb
  http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody1_m68k.deb
- Debian synaesthesia_2.1-2.1woody1_mips.deb
  http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody1_mips.deb
- Debian synaesthesia_2.1-2.1woody1_powerpc.deb
  http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody1_powerpc.deb
- Debian synaesthesia_2.1-2.1woody1_s390.deb
  http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody1_s390.deb
References
References:
- Synaesthesia Home Page (Paul Harrison)