mm tmpfile symlink attack

mm-tmpfile-symlink (9719)

Medium Risk

Description:

OSSP mm is vulnerable to a race condition in the temporary file creation that could allow a local attacker to launch a symlink attack. A local attacker could exploit this vulnerability by creating symbolic links to overwrite or create new files on the system with root privileges, if shell access to the Apache run-time user, typically as a "nobody" user, is already obtained.

Consequences:

File Manipulation

Remedy:

Upgrade to the latest version of mm (1.2.1 or later) as listed in the OSSP. Unix Software Technologies Web site. See References.

For OpenPKG:
Upgrade to the latest version of mm, as listed below. Refer to OpenPKG Security Advisory OpenPKG-SA-2002.007 for more information. See References.

OpenPKG 1.0: 1.1.3-1.0.1 or later
OpenPKG CURRENT: 1.2.0 or later

For Mandrake Linux:
Upgrade to the latest mm package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2002:045 : mm for more information. See References.

Linux-Mandrake 7.1, 7.2, Corporate Server 1.0.1 and Single Network Firewall 7.2: 1.1.3-8.5mdk or later
Mandrake Linux 8.0 and 8.0 (PPC): 1.1.3-8.4mdk or later
Mandrake Linux 8.1 and 8.1 (IA64): 1.1.3-9.1mdk or later
Mandrake Linux 8.2 and 8.2 (PPC): 1.1.3-9.1mdk or later

For Debian GNU/Linux:
Upgrade to the latest mm package, as listed below. Refer to DSA 137-1 for more information. See References.

Debian GNU/Linux 2.2 (potato): 1.0.11-1.2 or later
Debian GNU/Linux 3.0 (woody): 1.1.3-6.1 or later

For Caldera OpenLinux 3.1 and 3.1.1 Workstation and Server:
Upgrade to the latest mm package (1.1.3-6 or later), as listed in Caldera Systems, Inc. Security Advisory CSSA-2002-032.0. See References.

For Red Hat Linux 7.0, 7.1 7.2, and 7.3:
Upgrade to the latest mm package (1.1.3-8 or later), as listed in RHSA-2002:153-07. See References.

For SuSE Linux:
Upgrade to the latest mm package, as listed below. Refer to SuSE Security Announcement SuSE-SA:2002:028 for more information. See References.

SuSE Linux: 7.2 and 8.0 (Intel): 1.1.3-290 or later
SuSE Linux: 7.3 (Intel): 1.1.3-292 or later
SuSE Linux: 7.1 (Intel): 1.1.3-293 or later
SuSE Linux: 7.0 (Intel): 1.1.1-61 or later
SuSE Linux: 7.3 (Sparc): 1.1.3-163 or later
SuSE Linux: 7.1 (AXP): 1.1.3-165 or later
SuSE Linux: 7.3 (Power PC): 1.1.3-202 or later
SuSE Linux: 7.1 (Power PC): 1.1.3-203 or later
SuSE Linux: 7.0 (Power PC): 1.1.1-73 or later

For FreeBSD Ports Collection:
Upgrade to the latest ports collection, as listed in FreeBSD Security Notice FreeBSD-SN-02:05. See References.

For HP-UX 11.00, 11.11, 11.20, and 11.22 :
Upgrade to the version of OpenSSL, as listed in Hewlett-Packard Company Security Bulletin HPSBUX0208-217. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References:

• Caldera International, Inc. Security Advisory CSSA-2002-032.0: temporary file races in libmm.
• CIAC Information Bulletin 0-171: Hewlett Packard OpenSSL Potential Vulnerabilities.
• FreeBSD Security Notice FreeBSD-SN-02:05 : security issues in ports.
• OSSP. Unix Software Technologies Web site: OSSP - OSSP mm.
• BID-5352: MM Shared Memory Library Temporary File Privilege Escalation Vulnerability
• CVE-2002-0658: OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
• DSA-137: mm -- insecure temporary files
• MDKSA-2002:045: Updated mm packages fix temporary file vulnerability
• OpenPKG-SA-2002.007: OSSP mm
• RHSA-2002-153: Updated mm packages fix temporary file handling
• RHSA-2002-154: mm security update
• RHSA-2003-158: Updated mm packages fix temporary file handling

Platforms Affected:

• Debian Debian Linux 2.2
• Debian Debian Linux 3.0
• FreeBSD FreeBSD Ports Collection
• HP HP-UX 11.00
• HP HP-UX 11.11
• HP HP-UX 11.20
• HP HP-UX 11.22
• MandrakeSoft Mandrake Linux 7.1
• MandrakeSoft Mandrake Linux 7.2
• MandrakeSoft Mandrake Linux 8.0 PPC
• MandrakeSoft Mandrake Linux 8.0
• MandrakeSoft Mandrake Linux 8.1
• MandrakeSoft Mandrake Linux 8.1 IA64
• MandrakeSoft Mandrake Linux 8.2 PPC
• MandrakeSoft Mandrake Linux 8.2
• MandrakeSoft Mandrake Linux Corporate Server 1.0.1
• MandrakeSoft Mandrake Single Network Firewall 7.2
• OpenPKG OpenPKG 1.0
• OpenPKG OpenPKG CURRENT
• OSSP mm prior to 1.2.0
• RedHat Enterprise Linux 2.1 AS
• RedHat Linux 7
• RedHat Linux 7.1
• RedHat Linux 7.1 for iSeries
• RedHat Linux 7.1 for pSeries
• RedHat Linux 7.2
• RedHat Linux 7.3

Reported:

Jul 29, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page