Posted: Fri Jun 17, 2005 2:20 pm Post subject: [ GLSA 200506-13 ] webapp-config: Insecure temporary file ha
Gentoo Linux Security Advisory
Title: webapp-config: Insecure temporary file handling (GLSA 200506-13)
Date: June 17, 2005
Updated: December 30, 2007
The webapp-config utility insecurely creates temporary files in a world-writable directory, potentially allowing the execution of arbitrary commands.
webapp-config is a Gentoo Linux utility to help manage the installation of web-based applications.
Vulnerable: < 1.11
Unaffected: >= 1.11
Architectures: All supported architectures
Eric Romang discovered webapp-config uses a predictable temporary filename while processing certain options, resulting in a race condition.
Successful exploitation of the race condition would allow an attacker to disrupt the operation of webapp-config, or execute arbitrary shell commands with the privileges of the user running webapp-config. A local attacker could use a symlink attack to create or overwrite files with the permissions of the user running webapp-config.
There is no known workaround at this time.
All webapp-config users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/webapp-config-1.11"
Last edited by GLSA on Mon Dec 31, 2007 4:17 am; edited 3 times in total
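
The race described in the advisory, shown as an added example that is not part of the advisory and is not webapp-config's code: a predictable temporary name beside two hardened forms, exercised in a private sandbox directory. The helper names, the `webapp` prefix and the PID-based name are assumptions; the advisory does not give the actual filename.

```shell
#!/bin/sh
# Added example; helper names and the PID-based name are assumptions.

# Weak pattern: a name built from the PID is guessable, so another local
# user can occupy that path in a shared directory before the tool runs.
predictable_path() {    # $1 = directory, $2 = prefix
    printf '%s/%s.%s\n' "$1" "$2" "$$"
}

# Check: succeeds if the path is already taken (file or symlink, even dangling).
preplanted() {
    [ -e "$1" ] || [ -L "$1" ]
}

# Hardened form 1: mktemp chooses a random name and creates the file
# exclusively with mode 0600, so an existing path is never reused.
safe_tmp_file() {       # $1 = directory, $2 = prefix
    mktemp "$1/$2.XXXXXXXXXX"
}

# Hardened form 2: when a fixed name is unavoidable, noclobber (set -C)
# makes the redirection fail instead of truncating an existing target.
write_exclusive() {     # $1 = path, $2 = content
    ( set -C; printf '%s\n' "$2" > "$1" ) 2>/dev/null
}

# Constructed demo in a private sandbox that stands in for a shared /tmp.
demo() {
    sandbox=$(mktemp -d) || return 1
    echo "original" > "$sandbox/important.conf"
    p=$(predictable_path "$sandbox" webapp)
    ln -s "$sandbox/important.conf" "$p"   # path is occupied beforehand
    preplanted "$p" && echo "detected: $p already exists"
    write_exclusive "$p" "data" || echo "exclusive write refused"
    t=$(safe_tmp_file "$sandbox" webapp) && echo "created $t"
    echo "important.conf still contains: $(cat "$sandbox/important.conf")"
    rm -rf "$sandbox"
}
demo
```

`set -C` only guards regular-file targets, so `mktemp` (or a private directory from `mktemp -d`) is the preferred form.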