UUDeview Insecure Temporary File Creation Vulnerability

Bugtraq ID:	9857
Class:	Design Error
CVE:
Remote:	No
Local:	Yes
Published:	Mar 12 2004 12:00AM
Updated:	Mar 12 2004 12:00AM
Credit:	This vulnerability was announced in a vendor advisory.
Vulnerable:	UUDeview UUDeview 0.5.19 + OpenPKG OpenPKG 2.0 UUDeview UUDeview 0.5.18 + OpenPKG OpenPKG 1.3
Not Vulnerable:	UUDeview UUDeview 0.5.20

UUDeview Insecure Temporary File Creation Vulnerability

UUDeview is prone to an issue that may allow malicious local users to corrupt system files, most likely resulting in loss of data or a denial of service.

The source of this vulnerability is that the utility creates temporary files in an insecure manner. This type of vulnerability may potentially allow for elevation of privileges in situations where an attacker could influence what is written or appended during this operation. The possibility of privilege escalation has not been confirmed in this instance.

UUDeview Insecure Temporary File Creation Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

UUDeview Insecure Temporary File Creation Vulnerability

Solution:
OpenPKG have released a security advisory (OpenPKG-SA-2004.006) and fixes to address this issue. Please see referenced advisory for further details.


UUDeview UUDeview 0.5.18

• OpenPKG uudeview-0.5.18-1.3.1.src.rpm
  OpenPKG 1.3
  ftp://ftp.openpkg.org/release/1.3/UPD/uudeview-0.5.18-1.3.1.src.rpm

UUDeview UUDeview 0.5.19

• OpenPKG uudeview-0.5.19-2.0.1.src.rpm
  OpenPKG 2.0
  ftp://ftp.openpkg.org/release/2.0/UPD/uudeview-0.5.19-2.0.1.src.rpm

UUDeview Insecure Temporary File Creation Vulnerability

References: