17289 : shtool Reused Temp Files Symlink Arbitrary File Overwrite
Printer | http://osvdb.org/17289 | Email This | Edit Vulnerability

Views This Week

1

Views All Time

28

Info

Last Modified

6 months ago

Percent Complete

100%

Disclosure

Jun 11, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

shtool contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The problem is that the application creates and reuses temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Race Condition
Impact: Loss of Integrity
Exploit: Exploit Unavailable
Disclosure: OSVDB Verified

Technical

shtool is used in a wide variety of products. Along with the products listed here, others may be vulnerable.

Solution

Contact your vendor for an appropriate upgrade. An upgrade is required as there are no known workarounds.

Products

Gentoo Linux

ocaml-mysql

1.0.3

GNU

shtool

2.0.1

OpenPKG

OpenPKG

2.3

References

Vendor Specific News/Changelog Entry: http://www.gnu.org/software/shtool/ChangeLog.txt
Related OSVDB ID: 16848
Other Advisory URL: http://www.debian.org/security/2005/dsa-789
http://www.gentoo.org/security/en/glsa/glsa-200506-08.xml
http://www.ubuntulinux.org/support/documentation/usn/usn-171-1
http://www.zataz.net/adviso/shtool-05252005.txt
Vendor Specific Advisory URL: http://www.openpkg.org/security/OpenPKG-SA-2005.011-shtool.html
Secunia Advisory ID: 15496 15666 15668 16512 16631
CVE ID: 2005-1759 (see also: NVD)
Security Tracker: 1014059

Tools & Filters

Nessus	18465 18964 20578

Credit

Eric Romang - eromangzataz.net - ZATAZ Audit

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

User Status

Account
- Login
- Sign-Up

Quick Searches

Advertisements

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2008 Open Source Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use