Info

Disclosure

Aug 23, 2004

Discovery

Unknown

Dates

Exploit

Aug 23, 2004

Solution

Unknown

Description

IMWheel contains a flaw that may allow a malicious user to take control of the temporary file on the server. The issue is triggered when IMWheel creates an insecure temporary file (imwheel.pid) which manages the running IMWheel processes. It is possible that the flaw may allow a local attacker to escalate priveleges resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Race Condition
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

IMWheel

1.0.0pre11

References

Security Tracker: 1011049
Bugtraq ID: 11008
Secunia Advisory ID: 12349
ISS X-Force ID: 17082
CVE ID: 2004-2698 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0914.html
Vendor URL: http://imwheel.sourceforge.net/
Vendor Specific News/Changelog Entry: http://imwheel.sourceforge.net/files/DEVELOPMENT.txt
Other Advisory URL: http://www.caughq.org/advisories/CAU-2004-0002.txt

Credit

Druid - druidcaughq.org -

Direct URL: http://osvdb.org/36218