OSVDB ID: 18595

Title: Lantonix Secure Console Server listen_fifo_server Symlink Arbitrary Privileged File Overwrite

Info

Disclosure

Aug 05, 2005

Discovery

Unknown

Dates

Exploit

Aug 05, 2005

Solution

Unknown

Description

Lantronix Secure Console Server contains a flaw that may allow a malicious local user to modify arbitrary files on the system. Due to insecure permissions set on the /tmp directory, an attacker can exploit a race condition against the creation of the /tmp/listen_fifo_server pipe to modify arbitrary files on the system resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Race Condition
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to firmware version 4.4.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Lantronix	Lantronix Secure Console Server	SCS820
		SCS1620
		SCS3205
		SCS4805

References

Secunia Advisory ID: 16345
Related OSVDB ID: 18596 18597
Keyword: An open security advisory #11
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0137.html
Other Advisory URL: http://open-security.org/advisories/11
Vendor URL: http://www.lantronix.com

Credit

c0ntex - c0ntexopen-security.org - Open Security Group

Direct URL: http://osvdb.org/36218