Vulnerability Note VU#191675
/usr/libexec/vi.recover script contains vulnerability allowing arbitrary zero-length files to be removed
OverviewThe /usr/libexec/vi.recover script in OpenBSD has a vulnerability that could allow an attacker to remove arbitrary zero-length files, including device nodes.
I. DescriptionThe /usr/libexec/vi.recover script in OpenBSD cleans up vi temp files and informs a user via email if a recovery file exists for an aborted vi session. The vi.recover script is reported to contain an unspecified vulnerability that may allow the removal of arbitrary zero-length files, including device nodes.
The vi.recover script in OpenBSD is a perl adaptation of a shell script from the nvi package, which is also reported to be vulnerable and may be present in other UNIX-based operating systems.
This vulnerability is fixed in OpenBSD 3.1.
II. ImpactAn attacker may be able to remove arbitrary zero-length files. This could allow a local attacker to cause a local denial of service by removing devices or files that enable services.
III. SolutionObtain a patch for your system from one the following URLs.
For OpenBSD-2.9:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/016_recover.patch
For OpenBSD-3.0:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/007_recover.patch
Another alternative is to remove /usr/libexec/vi.recover.
Systems Affected
References
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/016_recover.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/007_recover.patch
Credit
Thanks to Todd C. Miller for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
Other Information
| Date Public | 01/15/2001 12:44:09 PM |
| Date First Published | 09/16/2002 05:50:26 PM |
| Date Last Updated | 09/18/2003 |
| CERT Advisory | |
| CVE Name | |
| Metric | 0.45 |
| Document Revision | 14 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
