gzip "gzexe" /tmp file symlink attack
gzip-gzexe-tmp-symlink (7241)
Description:
The 'gzexe' executable, which is part of the gzip package in Red Hat Linux, could allow a local attacker to launch a symlink attack. The 'gzexe' executable creates files in the /tmp directory with predictable file names. A local attacker could use this vulnerability to create a symbolic link in the /tmp directory to overwrite other users' files on the system.
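The predictable-name pattern described above, next to two hardened alternatives, as an added example that is not gzexe's code and not part of the original advisory. The name gz$$, the function names and the sandbox paths are assumptions made for illustration.

```sh
#!/bin/sh
# Added illustration; the name pattern "gz$$" and all paths are constructed.

# Predictable pattern: the name derives from the PID, and ">" follows
# whatever already sits at that path, including a symbolic link.
write_predictable() {            # $1 = scratch dir, $2 = data
    printf '%s\n' "$2" > "$1/gz$$"
}

# Hardened 1: same name, but noclobber (set -C) makes the redirect fail when
# the path exists or is a link to a regular or not-yet-existing file.
write_exclusive() {              # $1 = scratch dir, $2 = data
    ( set -C; printf '%s\n' "$2" > "$1/gz$$" ) 2>/dev/null
}

# Hardened 2 (preferred): mktemp picks an unpredictable name and creates the
# file atomically with mode 0600; the path is printed for the caller.
write_mktemp() {                 # $1 = scratch dir, $2 = data
    tmp=$(mktemp "$1/gz.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp" && printf '%s\n' "$tmp"
}

# Check inside a private sandbox: a link already sits at the predictable
# name and points at another user's file (simulated by $box/victim).
# Prints "yes" if the writer named in $1 leaves that file untouched.
survives() {
    box=$(mktemp -d) || return 1
    mkdir "$box/tmp"
    printf 'original\n' > "$box/victim"
    ln -s "$box/victim" "$box/tmp/gz$$"
    "$1" "$box/tmp" "new data" >/dev/null 2>&1 || true
    if [ "$(cat "$box/victim")" = "original" ]; then r=yes; else r=no; fi
    rm -rf "$box"
    printf '%s\n' "$r"
}

for w in write_predictable write_exclusive write_mktemp; do
    printf '%-18s target intact: %s\n' "$w" "$(survives "$w")"
done
```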
Consequences:
File Manipulation
Remedy:
For Red Hat Linux 5.0:
Upgrade to the latest version of gzip (1.2.4-10 or later), as listed in Red Hat Linux 5.0 General Errata. See References.
For Debian Linux:
Upgrade to the latest gzip packages, as listed below. Refer to DSA-308-1 for more information. See References.
Debian Linux 3.0 (woody): 1.3.2-3woody1 or later
Debian Linux 2.2 (potato): 1.2.4-33.2 or later
For Gentoo Linux:
Upgrade to the latest version of gzip (1.3.3-r2 or later), as listed in Gentoo Linux Security Announcement 200306-05. See References.
For Mandrake Linux:
Upgrade to the latest gzip package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2003:068 : gzip for more information. See References.
Mandrake Linux 8.2, 9.0, 9.1, Multi Network Firewall 8.2, and Corporate Server 2.1: 1.2.4a-11.2mdk or later
For other distributions:
Contact your vendor for upgrade or patch information.
References:
- BugTraq Mailing List, Wed, 28 Jan 1998 21:41:53 +0100: GZEXE - the big problem.
- Caldera International, Inc. Security Advisory SA-1998.04: Caldera Security Advisory SA-1998.04: Vulnerabilities using gzexe.
- Gentoo Linux Security Announcement 200306-05: gzip. (From LinuxSecurity archive)
- Red Hat Linux 5.0 General Errata: gzip.
- BID-7845: GNU gzexe Temporary File Vulnerability
- CVE-1999-1332: gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.
- DSA-308: gzip -- insecure temporary files
- MDKSA-2003:068: Updated gzip packages fix insecure temporary file creation
- OSVDB ID: 3812: gzip gzexe Insecure Temp File Creation
Platforms Affected:
- Debian Debian Linux 2.2
- Debian Debian Linux 3.0
- Gentoo Linux
- GNU gzip 1.2.4
- GNU gzip 1.2.4a
- MandrakeSoft Mandrake Linux 8.2
- MandrakeSoft Mandrake Linux 8.2 PPC
- MandrakeSoft Mandrake Linux 9.0
- MandrakeSoft Mandrake Linux 9.1 PPC
- MandrakeSoft Mandrake Linux 9.1
- MandrakeSoft Mandrake Linux Corporate Server 2.1
- MandrakeSoft Mandrake Linux Corporate Server 2.1 X86_64
- MandrakeSoft Mandrake Multi Network Firewall 8.2
- RedHat Linux 2.0
- RedHat Linux 2.1
- RedHat Linux 3.0
- RedHat Linux 4.0
- RedHat Linux 4.1
- RedHat Linux 4.2
- RedHat Linux 5.0
Reported:
Jan 28, 1998
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
