ksymoops-gznm symlink attack
| ksymoops-symlink (16392) |  Medium Risk |
Description:
ksymoops is vulnerable to a symlink attack. Ksymoops-gznm copies files to the /tmp directory insecurely. A local attacker could create a symbolic link from a temporary file to an arbitrary file on the system, which could allow the attacker to delete files on the system, once a user, with root privileges, runs the ksymoops-gznm script.
Platforms Affected:
- MandrakeSoft, Mandrake Linux 10.0
- MandrakeSoft, Mandrake Linux 9.1
- MandrakeSoft, Mandrake Linux 9.2
- MandrakeSoft, Mandrake Linux Corporate Server 2.1
Remedy:
For Mandrake Linux:
Upgrade to the latest ksymoops package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2004:060 for more information.See References.
Mandrake Linux 9.1: 2.4.8-1.1.91mdk or later
Mandrake Linux 9.2: 2.4.9-2.1.92mdk or later
Mandrake Linux 10.0: 2.4.9-2.1.100mdk or later
Mandrake Linux Corporate Server 2.1: 2.4.5-1.1.C21mdk or later
For other distributions:
Contact your vendor for upgrade or patch information.
Consequences:
File Manipulation
References:
- BID-10516: KSymoops KSymoops-GZNM Insecure Temporary File Handling Symbolic Link Vulnerability
- CVE-2004-0581: ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp.
- MDKSA-2004:060: Updated ksymoops packages fix symlink vulnerability
Reported:
Jun 10, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net