Vulnerability Note VU#105347
XMCD vulnerable to arbitrary file overwriting via symlink redirection of temporary file
Overview
xmcd is an X11/Motif CD playing utility, in the public domain. cda, the command line interface to xmcd, executes with system administrator privileges. It is vulnerable to a symbolic link attack that may allow a local user to obtain administrator privileges.
I. Description
cda, the command line interface to xmcd, executes with system administrator privileges. It creates insecure temporary files with predictable names in /tmp, a world-writable directory.
II. Impact
By creating symbolic links with appropriate names, a local attacker may overwrite any writable file on the system. If the attacker can control the content of the overwritten files, elevation of privileges may result.
III. Solution
Apply vendor patches; see the Systems Affected section below.
Remove the setuid protection from cda.
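The temporary-file pattern described in the Description, beside a hardened open, as an added example that is not code from xmcd/cda or from this note. The file name cda.tmp, the sandbox directory and all helper names are constructed for illustration, and the symlink is planted only inside a private directory created by the program itself.

```c
/* Added example: constructed names; not taken from the cda source. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the note describes: fixed name, no O_EXCL, follows symlinks. */
static int open_tmp_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if the name already exists,
 * including when it is a symlink; O_NOFOLLOW states the intent explicitly. */
static int open_tmp_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

static long file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Runs one opener against a pre-planted symlink in a private sandbox.
 * Returns the decoy's size afterwards: 7 = untouched, 0 = truncated, -1 = error. */
static long run_case(int (*opener)(const char *)) {
    char dir[] = "/tmp/vu105347-demo-XXXXXX";        /* constructed sandbox */
    char victim[128], tmp[128];
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmp, sizeof tmp, "%s/cda.tmp", dir);     /* constructed name */
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("secret\n", f); fclose(f);                  /* 7-byte decoy file */
    if (symlink(victim, tmp) != 0) return -1;         /* name is already taken */
    int fd = opener(tmp);
    if (fd >= 0) close(fd);
    long sz = file_size(victim);
    unlink(tmp); unlink(victim); rmdir(dir);
    return sz;
}

int main(void) {
    printf("unsafe open: decoy size %ld\n", run_case(open_tmp_unsafe));
    printf("safe open:   decoy size %ld\n", run_case(open_tmp_safe));
    return 0;
}
```

In new code, mkstemp(3) gives the same exclusive-create behaviour together with an unpredictable name, which removes the need to pick a file name at all.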
Systems Affected
| Vendor | Status | Date Updated |
| Caldera | Not Vulnerable | 27-Sep-2001 |
| Debian | Not Vulnerable | 27-Sep-2001 |
| IBM | Unknown | 15-Nov-2001 |
| RedHat | Unknown | 15-Nov-2001 |
| Sequent | Unknown | 15-Nov-2001 |
| SuSE | Vulnerable | 24-Sep-2001 |
References
http://www.securityfocus.com/bid/3148
http://www.linuxsecurity.com/advisories/suse_advisory-1532.html
http://www.debian.org/security/2000/20001121a
Credit
This vulnerability was first reported by Paul Starzetz.
This document was last modified by Tim Shimeall.
Other Information
| Date Public | 08/23/2001 |
| Date First Published | 11/15/2001 11:16:11 AM |
| Date Last Updated | 11/15/2001 |
| CERT Advisory | |
| CVE Name | |
| Metric | 9.98 |
| Document Revision | 11 |
If you have feedback, comments, or additional information about this vulnerability, please send us email.