OSVDB ID: 94872

Title: InterWorx Import / Restore Feature Crafted Archive Restoration Handling Symlink Local Arbitrary File Access

Dates

Disclosure: May 28, 2013
Discovery: Unknown
Exploit: Unknown
Solution: May 20, 2013

Description

InterWorx contains a flaw in that the Import and Restore features create temporary files insecurely. A local attacker can use a symlink attack during the restoration of a specially crafted archive to gain access to arbitrary files.

Classification

Location: Local Access Required
Attack Type: Race Condition
Impact: Loss of Confidentiality
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Authentication Required

Solution

It has been reported that this issue has been fixed. Upgrade to version 4.11.6 #475, 5.0.5 #516, or higher, to address this vulnerability.

Products

InterWorx LLC

InterWorx

4.11.6
5.0.5

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/94872