mirrorselect symlink attack
| mirrorselect-symlink (18382) |  Medium Risk |
Description:
mirrorselect creates temporary files in the /tmp directory with predictable file names. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file, which could allow the attacker to create or overwrite files on the system with elevated privileges.
Consequences:
File Manipulation
Remedy:
For Gentoo Linux:
Upgrade to the latest version of mirrorselect (0.89 or later), as listed in Gentoo Linux Security Announcement GLSA 200412-05. See References.
References:
- BID-11835: Gentoo MirrorSelect Local Insecure File Creation Vulnerability
- CVE-2004-1167: mirrorselect before 0.89 creates temporary files in a world-writable location with predictable file names, which allows remote attackers to overwrite arbitrary files via a symlink attack.
- GLSA-200412-05: mirrorselect: Insecure temporary file creation
- SA13392: Gentoo mirrorselect Insecure Temporary File Creation Vulnerability
Platforms Affected:
- Gentoo Linux
- Gentoo mirrorselect
Reported:
Dec 07, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net