ISS X-Force Database: script-temporary-file-overwrite(17583): Multiple scripts temporary file overwrite

Multiple scripts temporary file overwrite

script-temporary-file-overwrite (17583)

Medium Risk

Description:

Multiple scripts handle temporary files insecurely. A local attacker could use this vulnerability to overwrite arbitrary files on the system.

Programs affected include: gettext, GNU Ghostscript, glibc, GNU Groff, gzip, kerberos5, lvm, mysql, netatalk, openssl, perl, libc6, Avaya S8700/S8500/S8300, Avaya MN100, Avaya Intuity LX, Avaya Modular Messaging MSS, and postgresql.

Platforms Affected:

Artifex Software, GNU Ghostscript
Avaya, Call Management System 2
Avaya, Call Management System 3.0
Avaya, Intuity Audix LX 1.1
Avaya, MN100
Avaya, Modular Messaging
Canonical, Ubuntu 4.10
Conectiva, Linux 10
Debian, Debian Linux 3.0
FedoraProject, Fedora Core 1
FedoraProject, Fedora Core 2
FedoraProject, Fedora Core 3
Gentoo, Linux
GNU, gettext
GNU, glibc
GNU, groff
GNU, gzip
Larry Wall, Perl
MandrakeSoft, Mandrake Linux 10.0 AMD64
MandrakeSoft, Mandrake Linux 10.0
MandrakeSoft, Mandrake Linux 10.1
MandrakeSoft, Mandrake Linux 10.1 X86_64
MandrakeSoft, Mandrake Linux 2006
MandrakeSoft, Mandrake Linux 2006 X86_64
MandrakeSoft, Mandrake Linux 9.2 AMD64
MandrakeSoft, Mandrake Linux 9.2
MandrakeSoft, Mandrake Linux LE2005
MandrakeSoft, Mandrake Linux LE2005 X86_64
MandrakeSoft, Mandrake Linux Corporate Server 2.1 X86_64
MandrakeSoft, Mandrake Linux Corporate Server 2.1
MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
MandrakeSoft, Mandrake Linux Corporate Server 3.0
MandrakeSoft, Mandrake Multi Network Firewall 2.0
MandrakeSoft, Mandrake Multi Network Firewall 8.2
MIT, Kerberos
MySQL, MySQL
OpenPKG, OpenPKG 2.1
OpenPKG, OpenPKG 2.2
OpenPKG, OpenPKG CURRENT
OpenSSL, OpenSSL
PostgreSQL, PostgreSQL
RedHat, Enterprise Linux 2.1 WS
RedHat, Enterprise Linux 2.1 ES
RedHat, Enterprise Linux 2.1 AS
RedHat, Enterprise Linux 3 Desktop
RedHat, Enterprise Linux 3 AS
RedHat, Enterprise Linux 3 ES
RedHat, Enterprise Linux 3 WS
RedHat, Enterprise Linux 4 AS
RedHat, Enterprise Linux 4 Desktop
RedHat, Enterprise Linux 4 WS
RedHat, Enterprise Linux 4 ES
RedHat, Linux 9.0
RedHat, Linux Advanced Workstation 2.1 Itanium
SourceForge, netatalk
Trustix, Enterprise Server 2
Trustix, Secure Linux 1.5
Trustix, Secure Linux 2.0
Trustix, Secure Linux 2.1
Turbolinux, Turbolinux 10 Desktop
Turbolinux, Turbolinux 10 F...
Turbolinux, Turbolinux 10 Server
Turbolinux, Turbolinux 7 Server
Turbolinux, Turbolinux 7 Workstation
Turbolinux, Turbolinux 8 Server
Turbolinux, Turbolinux 8 Workstation
Turbolinux, Turbolinux Appliance Server 1.0
Turbolinux, Turbolinux Home
Turbolinux, Turbolinux Appliance Server 1.0 Hosting Ed
Turbolinux, Turbolinux Appliance Server 1.0 Workgroup Ed
Ubuntu Linux, libc6 2.3.2.ds1-13andprior

Remedy:

Apply the appropriate update for your system. See References.

Consequences:

File Manipulation

References:

CIAC Information Bulletin P-030, Logical Volume Manager (LVM) Vulnerability at http://www.ciac.org/ciac/bulletins/p-030.shtml.
CIAC Information Bulletin P-032, GZIP Insecure Temporary Files at http://www.ciac.org/ciac/bulletins/p-032.shtml.
CIAC Information Bulletin P-086, Perl Insecure Temporary Files/Directories at http://www.ciac.org/ciac/bulletins/p-086.shtml.
Fedora Update Notification FEDORA-2004-505, AppleTalk networking programs at http://www.linuxsecurity.com/content/view/117395/102/.
Fedora Update Notification FEDORA-2004-506, AppleTalk networking programs at http://www.linuxsecurity.com/content/view/117396/102/.
FLSA:136323, Updated gettext package fixes security issues at http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00000.html.
Trustix Secure Linux Bugfix Advisory #2004-0050, Insecure tempfile handling at http://archives.neohapsis.com/archives/bugtraq/2004-09/0439.html.
ASA-2006-008: perl security update (RHSA-2005-881)
ASA-2006-101: UnixWare GhostScript Insecure Temporary File Creation Vulnerability (SCOSA-2006.23)
BID-11282: GNU GetText Unspecified Insecure Temporary File Creation Vulnerability
BID-11285: GhostScript Insecure Temporary File Creation Vulnerability
BID-11286: GNU GLibC Insecure Temporary File Creation Vulnerability
BID-11287: GNU Troff (Groff) Groffer Script Insecure Temporary File Creation Vulnerability
BID-11288: GNU GZip Unspecified Insecure Temporary File Creation Vulnerability
BID-11289: MIT Kerberos 5 SEND-PR.SH Insecure Temporary File Creation Vulnerability
BID-11290: Trustix LVM Utilities Unspecified Insecure Temporary File Creation Vulnerability
BID-11291: MySQL Unspecified Insecure Temporary File Creation Vulnerability
BID-11292: NetaTalk Unspecified Insecure Temporary File Creation Vulnerability
BID-11293: OpenSSL DER_CHOP Insecure Temporary File Creation Vulnerability
BID-11294: Perl Unspecified Insecure Temporary File Creation Vulnerability
BID-11295: PostgreSQL Insecure Temporary File Creation Vulnerability
CVE-2004-0966: The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
CVE-2004-0967: The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.
CVE-2004-0968: The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.
CVE-2004-0969: The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
CVE-2004-0970: The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.
CVE-2004-0971: The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
CVE-2004-0972: The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
CVE-2004-0974: The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
CVE-2004-0975: The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
CVE-2004-0976: Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
CVE-2004-0977: The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
DSA-577: postgresql -- insecure temporary file
DSA-583: lvm10 -- insecure temporary directory
DSA-588: gzip -- insecure temporary files
DSA-603: openssl -- insecure temporary file
DSA-620: perl -- insecure temporary files / directories
DSA-636: glibc -- insecure temporary files
GLSA-200410-10: gettext: Insecure temporary file handling
GLSA-200410-16: PostgreSQL: Insecure temporary file use in make_oidjoins_check
GLSA-200410-18: Ghostscript: Insecure temporary file use in multiple scripts
GLSA-200410-19: glibc: Insecure tempfile handling in catchsegv script
GLSA-200410-24: MIT krb5: Insecure temporary file use in send-pr.sh
GLSA-200410-25: Netatalk: Insecure tempfile handling in etc2ps.sh
GLSA-200411-15: OpenSSL, Groff: Insecure tempfile handling
GLSA-200411-22: Davfs2, lvm-user: Insecure tempfile handling
GLSA-200412-04: Perl: Insecure temporary file creation
MDKSA-2004:121: Updated netatalk packages fix temporary file vulnerability
MDKSA-2004:142: Updated gzip packages fix temporary file vulnerability
MDKSA-2004:144: Updated lvm1 packages fix temporary file vulnerability
MDKSA-2004:147: Updated openssl packages fix temporary file vulnerability
MDKSA-2004:149: Updated postgresql packages fix temporary file vulnerability
MDKSA-2004:159: Updated glibc packages fix temporary file vulnerability
MDKSA-2005:031: Updated perl packages fix multiple vulnerabilities
MDKSA-2006:038: Updated groff packages fix temporary file vulnerabilities
MDKSA-2006:051: Updated gettext packages fix temporary file vulnerabilities
OpenPKG-SA-2004.046: PostgreSQL
OpenPKG-SA-2004.055: gettext
OpenPKG-SA-2005.001: Perl File::Path
RHSA-2004-489: rh-postgresql security update
RHSA-2004-586: glibc security update
RHSA-2005-012: krb5 security update
RHSA-2005-081: ghostscript security update
RHSA-2005-261: glibc security update
RHSA-2005-476: openssl security update
RHSA-2005-881: perl security update
SA12973: OpenSSL "der_chop" Script Insecure Temporary File Creation
SA13131: gzip Various Scripts Insecure Temporary File Creation
SA18075: Red Hat update perl

Reported:

Sep 30, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page