CERT home
vulnerabilities & fixesevaluations & practicesresearch & analysistraining & education
homesearchFAQsite indexcontact
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

Vulnerability Note VU#227312

Aladdin Ghostscript creates insecure temporary files allowing a local user to create symbolic links to other files

Overview

Alladin Ghostscript, a previewer for postscript files, creates temporary files with a predictable names. The creation allows attackers to use symbolic links to overwrite other files on the host.

I. Description

Alladin Ghostscript is a previewer for postscript files. It creates temporary files using the mktemp() call, which creates files with predictable names based on the process number for the process running Ghostscript. The prior existence and ownership of the temporary file is not checked by the mktemp() call.

II. Impact

By creating a symbolic link with the appropriate name, an attacker may overwrite any file writable by the user running Ghostscript. This is particularly dangerous for the root account, which could lead to overwriting of system files, including the password file, and raising of the attacker's access privileges.

III. Solution

Apply vendor patches; see the Systems Affected section below.

Systems Affected
VendorStatusDate Updated
CalderaVulnerable26-Jun-2001
ConectivaVulnerable2-Jul-2001
DebianVulnerable2-Jul-2001
ImmunixVulnerable2-Jul-2001
MandrakeSoftVulnerable26-Jun-2001
RedHatVulnerable26-Jun-2001
SuSEVulnerable21-Aug-2001

References

http://www.kb.cert.org/vuls/id/704976
http://www.securityfocus.com/bid/1990
http://www.linuxsecurity.com/advisories/redhat_advisory-909.html
http://www.caldera.com/support/security/advisories/CSSA-2000-041.0.txt
http://www.linuxsecurity.com/advisories/mandrake_advisory-914.html
http://www.debian.org/security/2000/20001123
http://www.linuxsecurity.com/advisories/other_advisory-919.html
http://www.linuxsecurity.com/advisories/other_advisory-957.html
http://www.linuxsecurity.com/advisories/suse_advisory-879.html

Credit

Dr. Werner Fink of SuSE first reported this vulnerability.

This document was last modified by Tim Shimeall.

Other Information

Date Public11/22/2000
Date First Published08/21/2001 09:59:51 AM
Date Last Updated08/21/2001
CERT Advisory 
CVE NameCVE-2000-1162
Metric4.05
Document Revision11

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Copyright 2001 Carnegie Mellon University