|
|
|
Vulnerability Note VU#424080
shadow-utils useradd creates temporary files insecurely
OverviewShadow-utils is an encryption and account management package freely distributed for many Linux implementations. The useradd program in this package creates insecure temporary files with predictable names in a write-protected directory. If this directory is changed to be writable, an attacker may be able to use a symbolic link attack to overwrite arbitrary files.
I. DescriptionThe useradd program calls the passwd program, which stores temporary files with predictable names in /etc/default, a protected directory. The program does not check for prior existence or ownership of these files. Useradd normally runs with setuid root privileges.II. ImpactIf /etc/default is changed to be world-writable, an attacker may be able to create a symbolic link with predictable name, and point it to any writable file on the system. This may cause corruption of the file.III. SolutionApply vendor patches; see the Systems Affected section below.
Change /etc/default to not be world-writable.
Systems Affected
References
http://www.securityfocus.com/bid/2196
http://www.linux-mandrake.com/en/updates/2001/MDKSA-2001-007.php3?dis=7.2
http://www.linuxsecurity.com/advisories/other_advisory-1034.html
Credit
This vulnerability was first reported by Greg Kroah-Hartman
This document was last modified by Tim Shimeall.
Other Information
| Date Public | 01/10/2001 |
| Date First Published | 11/08/2001 01:16:46 PM |
| Date Last Updated | 11/08/2001 |
| CERT Advisory | |
| CVE Name | CAN-2001-0120 |
| Metric | 0.30 |
| Document Revision | 10 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
 |
