US-CERT Vulnerability Notes Database

Vulnerability Note VU#191675

/usr/libexec/vi.recover script contains vulnerability allowing arbitrary zero-length files to be removed

Overview

The /usr/libexec/vi.recover script in OpenBSD has a vulnerability that could allow an attacker to remove arbitrary zero-length files, including device nodes.

I. Description

The /usr/libexec/vi.recover script in OpenBSD cleans up vi temp files and informs a user via email if a recovery file exists for an aborted vi session. The vi.recover script is reported to contain an unspecified vulnerability that may allow the removal of arbitrary zero-length files, including device nodes.

The vi.recover script in OpenBSD is a Perl adaptation of a shell script from the nvi package; the nvi script is also reported to be vulnerable and may be present in other UNIX-based operating systems.

This vulnerability is fixed in OpenBSD 3.1.

II. Impact

An attacker may be able to remove arbitrary zero-length files. This could allow a local attacker to cause a local denial of service by removing devices or files that enable services.
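The note does not spell out the exact flaw, only its effect: a cleanup script intended for vi's temporary files can be made to remove zero-length files it should never touch, including device nodes, which are zero-length as far as a size test is concerned. The following is an added illustration, not the OpenBSD vi.recover script or its patch: a minimal POSIX sh cleanup routine that shows the checks such a script needs before calling rm (regular file only, no symlinks, zero-length, owned by the caller, confined to one directory). The directory layout, the vi. prefix and the demo_result helper are assumptions made for the example; a named pipe stands in for a device node because creating one needs root.

```shell
#!/bin/sh
# Added example, not part of the advisory or of OpenBSD.
# A temp-file cleaner that removes only zero-length REGULAR files it owns,
# inside the one directory it is given. Device nodes, FIFOs, symlinks and
# anything outside that directory are left alone.

# clean_zero_length_tmp DIR PREFIX
# Prints the number of files removed; returns non-zero if DIR is not a directory.
clean_zero_length_tmp() {
  dir=$1
  prefix=$2
  removed=0
  [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
  for f in "$dir"/"$prefix"*; do
    # Glob matched nothing: the literal pattern neither exists nor is a symlink.
    [ -e "$f" ] || [ -L "$f" ] || continue
    # Never follow symlinks: "-f" and "-s" would test the link target.
    if [ -L "$f" ]; then continue; fi
    # Regular files only: a device node or FIFO has size 0 but is not a plain file.
    if [ ! -f "$f" ]; then continue; fi
    # Zero-length only.
    if [ -s "$f" ]; then continue; fi
    # Owned by the invoking user only.
    if [ ! -O "$f" ]; then continue; fi
    rm -f -- "$f" && removed=$((removed + 1))
  done
  echo "$removed"
}

# demo_result: builds a constructed directory with one candidate of each kind,
# runs the cleaner, and reports what happened to each entry (assumed helper).
demo_result() {
  tmp=$(mktemp -d) || return 1
  : > "$tmp/vi.empty"               # zero-length regular file: should be removed
  printf 'data' > "$tmp/vi.full"    # non-empty regular file: kept
  mkfifo "$tmp/vi.fifo"             # zero-size but not a regular file: kept
  ln -s /dev/null "$tmp/vi.link"    # symlink to a device node: kept, never followed
  n=$(clean_zero_length_tmp "$tmp" vi.)
  s="removed=$n"
  for name in vi.empty vi.full vi.fifo vi.link; do
    if [ -e "$tmp/$name" ] || [ -L "$tmp/$name" ]; then
      s="$s $name=kept"
    else
      s="$s $name=gone"
    fi
  done
  rm -rf -- "$tmp"
  echo "$s"
}

demo_result
```

Running the script prints "removed=1 vi.empty=gone vi.full=kept vi.fifo=kept vi.link=kept": only the empty regular file is deleted. The order of the tests matters; the symlink test comes first because every other file test follows links, and the regular-file test comes before the size test because a size test alone is exactly what lets a zero-length device node through.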

III. Solution

Obtain a patch for your system from one of the following URLs.

For OpenBSD-2.9:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/016_recover.patch

For OpenBSD-3.0:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/007_recover.patch

Alternatively, remove /usr/libexec/vi.recover.

Systems Affected

Vendor                 | Status         | Date Notified | Date Updated
-----------------------|----------------|---------------|-------------
Apple Computer Inc.    | Not Vulnerable |               | 31-Jul-2002
Cray Inc.              | Not Vulnerable |               | 31-Jul-2002
FreeBSD                | Not Vulnerable |               | 31-Jul-2002
Fujitsu                | Not Vulnerable |               | 31-Jul-2002
OpenBSD                | Vulnerable     |               | 10-Dec-2002
SGI                    | Not Vulnerable |               | 31-Jul-2002
Sun Microsystems Inc.  | Not Vulnerable |               | 31-Jul-2002

References

ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/016_recover.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/007_recover.patch

Credit

Thanks to Todd C. Miller for reporting this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

Date Public: 2001-01-15
Date First Published: 2002-09-16
Date Last Updated: 2003-09-18
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Severity Metric: 0.45
Document Revision: 14

If you have feedback, comments, or additional information about this vulnerability, please send us email.
Copyright 2002 Carnegie Mellon University