Vulnerability Note VU#626919
Race condition in periodic
Overview
A race condition in the 'periodic' script allows local files to be overwritten. We believe that 'periodic' is typically used only with FreeBSD systems, though it may be installed on other systems.
Description
'periodic' is a script used in conjunction with cron to execute jobs at specified intervals. During ordinary work, periodic creates temporary files with predictable names of the form /tmp/periodic.$PID where $PID is the process identifier of the process running periodic. Because periodic is called by cron it runs with enhanced privileges. By polling the system for an executing instance of periodic, an intruder can exploit a race condition and create a symbolic link from /tmp/periodic.$PID to a file of the intruders choosing. The target file will be overwritten. |
Impact
An attacker or intruder who has write access to the local file system and who can discover the PIDs of other processes (both capabilities are typical for ordinary local users) can overwrite any file |
Solution
Apply a patch from your vendor. |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| FreeBSD | Affected | 02 Nov 2000 | 13 Nov 2000 |
| Apple | Not Affected | 02 Nov 2000 | 13 Nov 2000 |
| BSDI | Not Affected | 02 Nov 2000 | 13 Nov 2000 |
| Compaq Computer Corporation | Not Affected | 02 Nov 2000 | 13 Nov 2000 |
| IBM | Not Affected | 02 Nov 2000 | 10 Jan 2001 |
| NetBSD | Not Affected | - | 02 Nov 2000 |
| OpenBSD | Not Affected | 01 Nov 2000 | 13 Nov 2000 |
| Caldera | Unknown | 02 Nov 2000 | 13 Nov 2000 |
| Data General | Unknown | 02 Nov 2000 | 13 Nov 2000 |
| Debian | Unknown | 02 Nov 2000 | 13 Nov 2000 |
| Fujitsu | Unknown | 02 Nov 2000 | 13 Nov 2000 |
| Hewlett Packard | Unknown | 02 Nov 2000 | 13 Nov 2000 |
| NCR | Unknown | 02 Nov 2000 | 13 Nov 2000 |
| NEC | Unknown | 02 Nov 2000 | 13 Nov 2000 |
| RedHat | Unknown | 02 Nov 2000 | 13 Nov 2000 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://www.FreeBSD.org/cgi/man.cgi?query=periodic&apropos=0&sektion=0&manpath=FreeBSD+5.0-current&format=html
- http://www.securityfocus.com/bid/2325
Credit
Our thanks to David Lary of SecureWorks for reporting this vulnerability to us and providing technical detail.
This document was written by Shawn Hernan.
Other Information
- CVE IDs: CAN-2000-0890
- Date Public: 13 Nov 2000
- Date First Published: 13 Nov 2000
- Date Last Updated: 28 Mar 2001
- Severity Metric: 0.21
- Document Revision: 14
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.