Globus Toolkit /tmp directory symlink

globus-tmp-symlink (28410) The risk level is classified as MediumMedium Risk

Description:

Globus Toolkit could allow a local attacker to launch a symlink attack. Various applications create insecure temporary files in the /tmp directory. A local attacker could exploit this vulnerability to create symbolic links from these files to other files on the system, which could allow the attacker to overwrite arbitrary files with elevated privileges.

Platforms Affected:

  • Globus Project and Globus Toolkit, Globus Toolkit 3.2x
  • Globus Project and Globus Toolkit, Globus Toolkit 4.0.x
  • Globus Project and Globus Toolkit, Globus Toolkit 4.1.0

Remedy:

Upgrade to the latest version of Globus Toolkit (3.2.1 or later) or (4.0.2 or later or later), available from the Globus Toolkit Web site. See References.

Consequences:

File Manipulation

References:

  • Globus Security-Announce Mailing List, Tue, 15 Aug 2006 13:02:17 -0500 (CDT) , Temporary File Handling Vulnerability at http://www.globus.org/mail_archive/security-announce/2006/08/msg00001.html.
  • Globus Toolkit Web site, Globus Toolkit 4.0.2 Download at http://www.globus.org/toolkit/downloads/4.0.2/.
  • BID-19549: Globus Toolkit Multiple Local Temporary File Handling Vulnerabilities
  • CVE-2006-4233: Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config.
  • SA21516: Globus Toolkit Multiple Vulnerabilities
  • VUPEN/ADV-2006-3290: Globus Toolkit Local Information Disclosure and Multiple File Manipulation Vulnerabilities

Reported:

Aug 15, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page