KNOPPIX Qt temporary files race condition
| knoppix-qt-race-condition (12560) |  Medium Risk |
Description:
KNOPPIX is vulnerable to a race condition when creating Qt library temporary files that could allow a local attacker to launch a symlink attack. A local attacker could create a symbolic link from the /tmp directory to any known file on the system to overwrite the file, and possibly gain elevated privileges or cause a denial of service.
Consequences:
File Manipulation
Remedy:
No remedy available as of July 9, 2011.
References:
- BugTraq Mailing List, Tue Jul 08 2003 - 10:48:51 CDT: Qt temporary files race condition in Knoppix 3.1.
- BID-8139: Knoppix QT Insecure Temporary File Creation Vulnerability
- CVE-2003-0524: Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary files via a symlink attack on the qt_plugins_3.0rc temporary file in the .qt directory.
Platforms Affected:
- KNOPPIX KNOPPIX 3.1
Reported:
Jul 08, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net