• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Apache Utilities Insecure Temporary File Creation Vulnerability

Bugtraq ID:	12308
Class:	Design Error
CVE:
Remote:	No
Local:	Yes
Published:	Jan 19 2005 12:00AM
Updated:	Jan 19 2005 12:00AM
Credit:	Javier Fernández-Sanguino Peña is credited with the discovery of this issue.
Vulnerable:	Apache Software Foundation Apache 1.3.33 + Apple Mac OS X 10.3.6 + Apple Mac OS X 10.2.8 + Apple Mac OS X Server 10.3.6 + Apple Mac OS X Server 10.2.8 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 amd64 + Debian Linux 3.1 alpha + Debian Linux 3.1 Apache Software Foundation Apache 1.3.32 + Gentoo Linux 1.4 + Gentoo Linux Apache Software Foundation Apache 1.3.31 + OpenPKG OpenPKG Current Apache Software Foundation Apache 1.3.29 + Apple Mac OS X 10.3.5 + Apple Mac OS X 10.2.7 + Apple Mac OS X Server 10.3.5 + Apple Mac OS X Server 10.2.7 + MandrakeSoft Linux Mandrake 10.0 AMD64 + MandrakeSoft Linux Mandrake 10.0 + OpenPKG OpenPKG 2.0 Apache Software Foundation Apache 1.3.28 + Conectiva Linux 8.0 + MandrakeSoft Linux Mandrake 9.2 amd64 + MandrakeSoft Linux Mandrake 9.2 + OpenBSD OpenBSD 3.4 + OpenPKG OpenPKG 1.3 Apache Software Foundation Apache 1.3.27 + HP HP-UX (VVOS) 11.0 4 + HP VirtualVault 4.6 + HP VirtualVault 4.5 + HP Webproxy 2.0 + Immunix Immunix OS 7+ + MandrakeSoft Linux Mandrake 9.1 ppc + MandrakeSoft Linux Mandrake 9.1 + OpenBSD OpenBSD 3.3 + OpenPKG OpenPKG Current + RedHat Enterprise Linux AS 2.1 IA64 + RedHat Enterprise Linux AS 2.1 + RedHat Enterprise Linux ES 2.1 IA64 + RedHat Enterprise Linux ES 2.1 + RedHat Enterprise Linux WS 2.1 IA64 + RedHat Enterprise Linux WS 2.1 + RedHat Linux Advanced Work Station 2.1 + SGI IRIX 6.5.19 Apache Software Foundation Apache 1.3.26 + Conectiva Linux 8.0 + Conectiva Linux 7.0 + Conectiva Linux 6.0 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + MandrakeSoft Linux Mandrake 9.0 + OpenPKG OpenPKG 1.1 + Trustix Secure Linux 1.5 + Trustix Secure Linux 1.2 + Trustix Secure Linux 1.1 Apache Software Foundation Apache 1.3.25 Apache Software Foundation Apache 1.3.24 + OpenBSD OpenBSD 3.1 + Oracle Oracle HTTP Server 9.2 .0 + Oracle Oracle HTTP Server 9.0.1 + Oracle Oracle9i Application Server 9.0.2 + Oracle Oracle9i Application Server 1.0.2 .2 + Oracle Oracle9i Application Server 1.0.2 .1s + Oracle Oracle9i Application Server 1.0.2 + Slackware Linux 8.1 + Unisphere Networks SDX-300 2.0.3 Apache Software Foundation Apache 1.3.23 - IBM AIX 4.3 + MandrakeSoft Linux Mandrake 8.2 ppc + MandrakeSoft Linux Mandrake 8.2 + RedHat Linux 7.3 i386 + RedHat Linux 7.3 + S.u.S.E. Linux 8.0 i386 + S.u.S.E. Linux 8.0 + Trustix Secure Linux 1.5 + Trustix Secure Linux 1.2 + Trustix Secure Linux 1.1 Apache Software Foundation Apache 1.3.22 + Caldera OpenLinux Server 3.1.1 + Caldera OpenLinux Server 3.1 + Caldera OpenLinux Workstation 3.1.1 + Caldera OpenLinux Workstation 3.1 + Conectiva Linux 8.0 + Conectiva Linux 7.0 + Conectiva Linux 6.0 + MandrakeSoft Corporate Server 1.0.1 + MandrakeSoft Linux Mandrake 8.1 ia64 + MandrakeSoft Linux Mandrake 8.1 + MandrakeSoft Linux Mandrake 8.0 ppc + MandrakeSoft Linux Mandrake 8.0 + MandrakeSoft Linux Mandrake 7.2 + OpenPKG OpenPKG 1.0 + RedHat Linux 7.2 ia64 + RedHat Linux 7.2 i386 + RedHat Linux 7.1 ia64 + RedHat Linux 7.1 i386 + RedHat Linux 7.1 alpha + RedHat Linux 7.0 i386 + RedHat Linux 7.0 alpha + RedHat Linux 6.2 sparc + RedHat Linux 6.2 i386 + RedHat Linux 6.2 alpha Apache Software Foundation Apache 1.3.20 - HP HP-UX 11.22 - HP HP-UX 11.20 + MandrakeSoft Single Network Firewall 7.2 + S.u.S.E. Linux 7.3 sparc + S.u.S.E. Linux 7.3 ppc + S.u.S.E. Linux 7.3 i386 + S.u.S.E. Linux 7.3 + SGI IRIX 6.5.18 + SGI IRIX 6.5.17 + SGI IRIX 6.5.16 + SGI IRIX 6.5.15 + SGI IRIX 6.5.14 m + SGI IRIX 6.5.14 f + SGI IRIX 6.5.14 + SGI IRIX 6.5.13 m + SGI IRIX 6.5.13 f + SGI IRIX 6.5.13 + SGI IRIX 6.5.12 m + SGI IRIX 6.5.12 f + SGI IRIX 6.5.12 + Slackware Linux 8.0 + Sun Cobalt Control Station 4100CS + Sun Cobalt RaQ 550 + Sun Solaris 9_x86 Update 2 + Sun Solaris 9_x86 + Sun Solaris 9 + Sun SunOS 5.9 _x86 + Sun SunOS 5.9 Apache Software Foundation Apache 1.3.19 - Apple Mac OS X 10.0.3 - Caldera OpenLinux 2.4 + Debian Linux 2.3 - Digital (Compaq) TRU64/DIGITAL UNIX 5.0 - Digital (Compaq) TRU64/DIGITAL UNIX 4.0 g - Digital (Compaq) TRU64/DIGITAL UNIX 4.0 f + EnGarde Secure Linux 1.0.1 - FreeBSD FreeBSD 4.2 - FreeBSD FreeBSD 3.5.1 - HP HP-UX 11.11 - HP HP-UX 11.0 4 - HP HP-UX 11.0 - HP HP-UX 10.20 + HP Secure OS software for Linux 1.0 - HP VirtualVault 4.5 + MandrakeSoft Linux Mandrake 8.1 - MandrakeSoft Linux Mandrake 8.0 - MandrakeSoft Linux Mandrake 7.2 - MandrakeSoft Linux Mandrake 7.1 - NetBSD NetBSD 1.5.1 - NetBSD NetBSD 1.5 + OpenBSD OpenBSD 2.9 - OpenBSD OpenBSD 2.8 + OpenBSD OpenBSD 3.0 - RedHat Linux 7.1 - RedHat Linux 7.0 - RedHat Linux 6.2 + S.u.S.E. Linux 7.2 i386 + S.u.S.E. Linux 7.2 + S.u.S.E. Linux 7.1 x86 + S.u.S.E. Linux 7.1 sparc + S.u.S.E. Linux 7.1 ppc + S.u.S.E. Linux 7.1 alpha + S.u.S.E. Linux 7.1 + S.u.S.E. Linux 7.0 sparc + S.u.S.E. Linux 7.0 ppc + S.u.S.E. Linux 7.0 i386 + S.u.S.E. Linux 7.0 alpha + S.u.S.E. Linux 7.0 + S.u.S.E. Linux 6.4 ppc + S.u.S.E. Linux 6.4 i386 + S.u.S.E. Linux 6.4 alpha + S.u.S.E. Linux 6.4 - SCO eDesktop 2.4 - SCO eServer 2.3.1 - SGI IRIX 6.5.9 - SGI IRIX 6.5.8 - Sun Solaris 8 - Sun Solaris 7.0 Apache Software Foundation Apache 1.3.18 Apache Software Foundation Apache 1.3.17 + MandrakeSoft Corporate Server 1.0.1 + MandrakeSoft Linux Mandrake 8.0 ppc + MandrakeSoft Linux Mandrake 8.0 + OpenBSD OpenBSD 2.8 + S.u.S.E. Linux 7.1 Apache Software Foundation Apache 1.3.14 + EnGarde Secure Linux 1.0.1 + MandrakeSoft Linux Mandrake 7.2 + MandrakeSoft Linux Mandrake 7.1 - MandrakeSoft Single Network Firewall 7.2 + SGI IRIX 6.5.11 + SGI IRIX 6.5.10 + SGI IRIX 6.5.9 + SGI IRIX 6.5.8 + SGI IRIX 6.5.7 + SGI IRIX 6.5.6 + SGI IRIX 6.5.5 + SGI IRIX 6.5.4 + SGI IRIX 6.5.3 + SGI IRIX 6.5.2 + SGI IRIX 6.5.1 + SGI IRIX 6.5 Apache Software Foundation Apache 1.3.12 + NetScreen NetScreen-Global PRO Express Policy Manager Server + NetScreen NetScreen-Global PRO Policy Manager Server + OpenBSD OpenBSD 2.8 + RedHat Linux 7.0 i386 + RedHat Linux 7.0 alpha + RedHat Linux 6.2 sparc + RedHat Linux 6.2 i386 + RedHat Linux 6.2 alpha + S.u.S.E. Linux 7.0 sparc + S.u.S.E. Linux 7.0 + Sun Cobalt ManageRaQ v2 3599BD + Sun Cobalt Qube3 4000WG + Sun Cobalt RaQ XTR 3500R + Sun Cobalt RaQ4 3001R Apache Software Foundation Apache 1.3.11 Apache Software Foundation Apache 1.3.9 + Debian Linux 2.2 sparc + Debian Linux 2.2 powerpc + Debian Linux 2.2 arm + Debian Linux 2.2 alpha + Debian Linux 2.2 68k + Debian Linux 2.2 + NetScreen NetScreen-Global PRO Express Policy Manager Server + NetScreen NetScreen-Global PRO Policy Manager Server + Sun Solaris 8_x86 + Sun Solaris 8 + Sun SunOS 5.8 _x86 + Sun SunOS 5.8 Apache Software Foundation Apache 1.3.7 -dev Apache Software Foundation Apache 1.3.6 + Sun Cobalt ManageRaQ3 3000R-mr + Sun Cobalt RaQ3 3000R + Sun Cobalt Velociraptor Apache Software Foundation Apache 1.3.4 + BSDI BSD/OS 4.0 Apache Software Foundation Apache 1.3.3 + RedHat Linux 5.2 sparc + RedHat Linux 5.2 i386 + RedHat Linux 5.2 alpha Apache Software Foundation Apache 1.3.1 Apache Software Foundation Apache 1.3 + Apple Mac OS X 10.3.2 + Apple Mac OS X 10.3.1 + Apple Mac OS X 10.3 + Apple Mac OS X 10.2.8 + Apple Mac OS X 10.2.7 + Apple Mac OS X 10.2.6 + Apple Mac OS X 10.2.5 + Apple Mac OS X 10.2.4 + Apple Mac OS X 10.2.3 + Apple Mac OS X 10.2.2 + Apple Mac OS X 10.2.1 + Apple Mac OS X 10.2 + Apple Mac OS X 10.1.5 + Apple Mac OS X 10.1.4 + Apple Mac OS X 10.1.3 + Apple Mac OS X 10.1.2 + Apple Mac OS X 10.1.1 + Apple Mac OS X 10.1 + Apple Mac OS X Server 10.3.2 + Apple Mac OS X Server 10.3.1 + Apple Mac OS X Server 10.3 + Apple Mac OS X Server 10.2.8 + Apple Mac OS X Server 10.2.7 + Apple Mac OS X Server 10.2.6 + Apple Mac OS X Server 10.2.5 + Apple Mac OS X Server 10.2.4 + Apple Mac OS X Server 10.2.3 + Apple Mac OS X Server 10.2.2 + Apple Mac OS X Server 10.2.1 + Apple Mac OS X Server 10.2 + Apple Mac OS X Server 10.1.5 + Apple Mac OS X Server 10.1.4 + Apple Mac OS X Server 10.1.3 + Apple Mac OS X Server 10.1.2 + Apple Mac OS X Server 10.1.1 + Apple Mac OS X Server 10.1 - Microsoft Windows 2000 Professional - Microsoft Windows NT 4.0
Not Vulnerable: