[Full-disclosure] [ GLSA 200504-06 ] sharutils: Insecure temporary file creation

From: Luke Macken (lewk_at_gentoo.org)
Date: 04/07/05

  • Next message: David Malone: "[Full-disclosure] Re: crontab from vixie-cron allows read other users crontabs" 
    Date: Wed, 6 Apr 2005 18:16:21 -0400
To: gentoo-announce@gentoo.org

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 200504-06
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                http://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

      Severity: Normal
         Title: sharutils: Insecure temporary file creation
          Date: April 06, 2005
          Bugs: #87939
            ID: 200504-06

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    The unshar utility is vulnerable to symlink attacks, potentially
    allowing a local user to overwrite arbitrary files.

    Background
    ==========

    sharutils is a collection of tools to deal with shar archives.

    Affected packages
    =================

        -------------------------------------------------------------------
         Package / Vulnerable / Unaffected
        -------------------------------------------------------------------
      1 app-arch/sharutils < 4.2.1-r11 >= 4.2.1-r11

    Description
    ===========

    Joey Hess has discovered that the program unshar, which is a part of
    sharutils, creates temporary files in a world-writable directory with
    predictable names.

    Impact
    ======

    A local attacker could create symbolic links in the temporary files
    directory, pointing to a valid file somewhere on the filesystem. When
    unshar is executed, this would result in the file being overwritten
    with the rights of the user running the utility, which could be the
    root user.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All sharutils users should upgrade to the latest version:

        # emerge --sync
        # emerge --ask --oneshot --verbose ">=app-arch/sharutils-4.2.1-r11"

    References
    ==========

      [ 1 ] Ubuntu Advisory
            http://www.ubuntulinux.org/support/documentation/usn/usn-104-1

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

      http://security.gentoo.org/glsa/glsa-200504-06.xml

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users machines is of utmost
    importance to us. Any security concerns should be addressed to
    security@gentoo.org or alternatively, you may file a bug at
    http://bugs.gentoo.org.

    License
    =======

    Copyright 2005 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.0

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

  • Next message: David Malone: "[Full-disclosure] Re: crontab from vixie-cron allows read other users crontabs"

    Relevant Pages
    Loading