NVClock set_default_speeds() function symlink
| nvclock-setdefaultspeeds-symlink (35584) |  Medium Risk |
Description:
NVClock could allow a local attacker to launch a symlink attack. The set_default_speeds() function in src/backend/backend.c creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to other files on the system, which would allow the attacker to execute arbitrary code on the vulnerable system with root prvileges.
Platforms Affected:
- Gentoo, Linux
- LinuxHardware.org, NVClock 0.7 and prior
Remedy:
Upgrade to the latest version of NVClock (0.8b2 or later), available from the LinuxHardware Web site. See References.
Consequences:
File Manipulation
References:
- LinuxHardware Web site, NVClock at http://www.linuxhardware.org/nvclock/.
- BID-25052: NVClock Local Privilege Escalation Vulnerability
- CVE-2007-3531: The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file.
- GLSA-200707-08: NVClock: Insecure file usage
- SA26208: NVClock "set_default_speeds()" Insecure Temporary Files
Reported:
Jul 24, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net