Tripwire Information for VU#349019
Tripwire vulnerable to arbitrary file overwriting via symlink redirection of temporary file
- Vendor Information Help Date Notified: 09 Oct 2001
- Statement Date:
- Date Updated: 29 Oct 2001
The vulnerability exists in Tripwire versions prior to 2.4.0 and commercial customers should be encouraged to upgrade to the most current shipping product, version 2.4.2. Open Source and ASR users should upgrade to Open Source version 2.3.1-2 or later (see http://www.sourceforge.net/projects/tripwire for the latest information) or apply the documented code fixes to their particular release and recompile. In version Commercial 2.4.x and Open Source 2.3.1-2, the O_EXCL flag is used
when opening temporary files, to insure the temporary file does not already exist, thus making the exploit much more difficult.
In version, 2.4.0 and greater, we have implemented a variable that allows a user to specify a Tripwire specific temp directory whose permissions can be set to only be writeable by tripwire (typically run as root). The traditional /tmp directory is writeable by world which enables the various exploits. Setting TEMPDIRECTORY to a directory whose permissions are closely controlled removes any possibility of a non-root user using temp directory exploits to modify tripwire behavior.
Tripwire, Inc. has been actively developing a commercial version of Tripwire for Servers which is fully verified and maintained for a wide variety of hardware and software platforms. We recommend the use of Tripwire's commercial software in any environment where secure, supported, commercial quality software is required. For more information about Tripwire's commercial data and network integrity solutions, go to www.tripwire.com.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.