Multiple scripts temporary file overwrite

script-temporary-file-overwrite (17583) The risk level is classified as MediumMedium Risk

Description:

Multiple scripts handle temporary files insecurely. A local attacker could use this vulnerability to overwrite arbitrary files on the system.

Programs affected include: gettext, GNU Ghostscript, glibc, GNU Groff, gzip, kerberos5, lvm, mysql, netatalk, openssl, perl, libc6, Avaya S8700/S8500/S8300, Avaya MN100, Avaya Intuity LX, Avaya Modular Messaging MSS, and postgresql.


Consequences:

File Manipulation

Remedy:

Apply the appropriate update for your system. See References.

References:

  • CIAC Information Bulletin P-030: Logical Volume Manager (LVM) Vulnerability.
  • CIAC Information Bulletin P-032: GZIP Insecure Temporary Files.
  • CIAC Information Bulletin P-086: Perl Insecure Temporary Files/Directories.
  • Fedora Update Notification FEDORA-2004-505: AppleTalk networking programs.
  • Fedora Update Notification FEDORA-2004-506: AppleTalk networking programs.
  • FLSA:136323: Updated gettext package fixes security issues.
  • Trustix Secure Linux Bugfix Advisory #2004-0050: Insecure tempfile handling.
  • ASA-2006-008: perl security update (RHSA-2005-881)
  • ASA-2006-101: UnixWare GhostScript Insecure Temporary File Creation Vulnerability (SCOSA-2006.23)
  • BID-11282: GNU GetText Unspecified Insecure Temporary File Creation Vulnerability
  • BID-11285: GhostScript Insecure Temporary File Creation Vulnerability
  • BID-11286: GNU GLibC Insecure Temporary File Creation Vulnerability
  • BID-11287: GNU Troff (Groff) Groffer Script Insecure Temporary File Creation Vulnerability
  • BID-11288: GNU GZip Unspecified Insecure Temporary File Creation Vulnerability
  • BID-11289: MIT Kerberos 5 SEND-PR.SH Insecure Temporary File Creation Vulnerability
  • BID-11290: Trustix LVM Utilities Unspecified Insecure Temporary File Creation Vulnerability
  • BID-11291: MySQL Unspecified Insecure Temporary File Creation Vulnerability
  • BID-11292: NetaTalk Unspecified Insecure Temporary File Creation Vulnerability
  • BID-11293: OpenSSL DER_CHOP Insecure Temporary File Creation Vulnerability
  • BID-11294: Perl Unspecified Insecure Temporary File Creation Vulnerability
  • BID-11295: PostgreSQL Insecure Temporary File Creation Vulnerability
  • CVE-2004-0966: The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
  • CVE-2004-0967: The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.
  • CVE-2004-0968: The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.
  • CVE-2004-0969: The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
  • CVE-2004-0970: The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.
  • CVE-2004-0971: The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
  • CVE-2004-0972: The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
  • CVE-2004-0974: The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
  • CVE-2004-0975: The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
  • CVE-2004-0976: Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
  • CVE-2004-0977: The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
  • DSA-577: postgresql -- insecure temporary file
  • DSA-583: lvm10 -- insecure temporary directory
  • DSA-588: gzip -- insecure temporary files
  • DSA-603: openssl -- insecure temporary file
  • DSA-620: perl -- insecure temporary files / directories
  • DSA-636: glibc -- insecure temporary files
  • GLSA-200410-10: gettext: Insecure temporary file handling
  • GLSA-200410-16: PostgreSQL: Insecure temporary file use in make_oidjoins_check
  • GLSA-200410-18: Ghostscript: Insecure temporary file use in multiple scripts
  • GLSA-200410-19: glibc: Insecure tempfile handling in catchsegv script
  • GLSA-200410-24: MIT krb5: Insecure temporary file use in send-pr.sh
  • GLSA-200410-25: Netatalk: Insecure tempfile handling in etc2ps.sh
  • GLSA-200411-15: OpenSSL, Groff: Insecure tempfile handling
  • GLSA-200411-22: Davfs2, lvm-user: Insecure tempfile handling
  • GLSA-200412-04: Perl: Insecure temporary file creation
  • MDKSA-2004:121: Updated netatalk packages fix temporary file vulnerability
  • MDKSA-2004:142: Updated gzip packages fix temporary file vulnerability
  • MDKSA-2004:144: Updated lvm1 packages fix temporary file vulnerability
  • MDKSA-2004:147: Updated openssl packages fix temporary file vulnerability
  • MDKSA-2004:149: Updated postgresql packages fix temporary file vulnerability
  • MDKSA-2004:159: Updated glibc packages fix temporary file vulnerability
  • MDKSA-2005:031: Updated perl packages fix multiple vulnerabilities
  • MDKSA-2006:038: Updated groff packages fix temporary file vulnerabilities
  • MDKSA-2006:051: Updated gettext packages fix temporary file vulnerabilities
  • OpenPKG-SA-2004.046: PostgreSQL
  • OpenPKG-SA-2004.055: gettext
  • OpenPKG-SA-2005.001: Perl File::Path
  • OSVDB ID: 10646: GNU gettext Multiple Script Temporary File Symlink Arbitrary File Overwrite
  • OSVDB ID: 11123: Netatalk etc2ps.sh Symlink Arbitrary File Modification
  • OSVDB ID: 11130: GNU Troff groffer.sh Symlink Arbitrary File Manipulation
  • OSVDB ID: 11392: LVM lvmcreate_initrd Symlink Arbitrary File Overwrite
  • OSVDB ID: 11536: gzip gzexe Symlink Arbitrary File Overwrite
  • OSVDB ID: 11543: gzip zdiff Symlink Arbitrary File Overwrite
  • OSVDB ID: 11544: gzip znew Symlink Arbitrary File Overwrite
  • OSVDB ID: 74389: GNU troff config.guess tempfile Function template Argument X Character Temporary File Symlink Arbitrary File Overwrite
  • OSVDB ID: 74390: GNU troff contrib/groffer/perl/groffer.pl tempfile Function template Argument X Character Temporary File Symlink Arbitrary File Overwrite
  • OSVDB ID: 74391: GNU troff contrib/groffer/perl/roff2.pl tempfile Function template Argument X Character Temporary File Symlink Arbitrary File Overwrite
  • RHSA-2004-489: rh-postgresql security update
  • RHSA-2004-586: glibc security update
  • RHSA-2005-012: krb5 security update
  • RHSA-2005-081: ghostscript security update
  • RHSA-2005-261: glibc security update
  • RHSA-2005-476: openssl security update
  • RHSA-2005-881: perl security update
  • SA12973: OpenSSL "der_chop" Script Insecure Temporary File Creation
  • SA13131: gzip Various Scripts Insecure Temporary File Creation
  • SA18075: Red Hat update perl

Platforms Affected:

  • Artifex Software GNU Ghostscript
  • Avaya Call Management System 2
  • Avaya Call Management System 3.0
  • Avaya Intuity Audix LX 1.1
  • Avaya MN100
  • Avaya Modular Messaging
  • Canonical Ubuntu 4.10
  • Conectiva Linux 10
  • Debian Debian Linux 3.0
  • FedoraProject Fedora Core 1
  • FedoraProject Fedora Core 2
  • FedoraProject Fedora Core 3
  • Gentoo Linux
  • GNU gettext
  • GNU glibc
  • GNU Groff
  • GNU gzip
  • Larry Wall Perl
  • MandrakeSoft Mandrake Linux 10.0 AMD64
  • MandrakeSoft Mandrake Linux 10.0
  • MandrakeSoft Mandrake Linux 10.1
  • MandrakeSoft Mandrake Linux 10.1 X86_64
  • MandrakeSoft Mandrake Linux 2006
  • MandrakeSoft Mandrake Linux 2006 X86_64
  • MandrakeSoft Mandrake Linux 9.2 AMD64
  • MandrakeSoft Mandrake Linux 9.2
  • MandrakeSoft Mandrake Linux LE2005
  • MandrakeSoft Mandrake Linux LE2005 X86_64
  • MandrakeSoft Mandrake Linux Corporate Server 2.1
  • MandrakeSoft Mandrake Linux Corporate Server 2.1 X86_64
  • MandrakeSoft Mandrake Linux Corporate Server 3.0 X86_64
  • MandrakeSoft Mandrake Linux Corporate Server 3.0
  • MandrakeSoft Mandrake Multi Network Firewall 2.0
  • MandrakeSoft Mandrake Multi Network Firewall 8.2
  • MIT Kerberos
  • MySQL MySQL
  • netatalk netatalk
  • OpenPKG OpenPKG 2.1
  • OpenPKG OpenPKG 2.2
  • OpenPKG OpenPKG CURRENT
  • OpenSSL OpenSSL
  • PostgreSQL PostgreSQL
  • RedHat Enterprise Linux 2.1 WS
  • RedHat Enterprise Linux 2.1 ES
  • RedHat Enterprise Linux 2.1 AS
  • RedHat Enterprise Linux 3 WS
  • RedHat Enterprise Linux 3 AS
  • RedHat Enterprise Linux 3 ES
  • RedHat Enterprise Linux 3 Desktop
  • RedHat Enterprise Linux 4 WS
  • RedHat Enterprise Linux 4 AS
  • RedHat Enterprise Linux 4 Desktop
  • RedHat Enterprise Linux 4 ES
  • RedHat Linux 9.0
  • RedHat Linux Advanced Workstation 2.1 Itanium
  • Trustix Enterprise Server 2
  • Trustix Secure Linux 1.5
  • Trustix Secure Linux 2.0
  • Trustix Secure Linux 2.1
  • Turbolinux Turbolinux 10 Desktop
  • Turbolinux Turbolinux 10 F...
  • Turbolinux Turbolinux 10 Server
  • Turbolinux Turbolinux 7 Server
  • Turbolinux Turbolinux 7 Workstation
  • Turbolinux Turbolinux 8 Server
  • Turbolinux Turbolinux 8 Workstation
  • Turbolinux Turbolinux Appliance Server 1.0
  • Turbolinux Turbolinux Home
  • Turbolinux Turbolinux Appliance Server 1.0 Hosting Ed
  • Turbolinux Turbolinux Appliance Server 1.0 Workgroup Ed
  • Ubuntu Linux libc6 2.3.2.ds1-13

Reported:

Sep 30, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page