sdiff /tmp File Race Condition Vulnerability

diffutils is a cornerstone package of all Linux distributions. It is a freely available, open source, publicly maintained software package available through the GNU Project.

A problem in the sdiff program included with diffutils could create a race condition. The vulnerability is in the creation and handling of files in the /tmp directory. Under certain circumstances, sdiff creates files in /tmp insecurely: it does not first check for the existence of the file, and it uses a predictable filename. It is possible to create a range of symbolic links to a file that is write-accessible to the user executing sdiff, resulting in a symbolic link attack if sdiff attempts to create one of the predicted filenames.

As a result, a user with malicious motives could overwrite or append to, and thereby corrupt, a file that is write-accessible by the UID of the sdiff process.
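
The two creation patterns side by side, as an added example (not code from diffutils): a plain open of a fixed name follows a pre-existing symbolic link and truncates its target, while exclusive creation refuses the name. The file names `target` and `sdiff.tmp` and the scratch directory are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the advisory describes: fixed name, no existence check. open()
 * follows a symlink already present at that name and truncates its target. */
static int open_tmp_insecure(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL creates atomically and fails with EEXIST if the
 * name exists in any form, including a symlink (dangling or not). */
static int open_tmp_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario inside a private mkdtemp() directory: "target" is a
 * file the user can write, "sdiff.tmp" (hypothetical name) is a symlink to it.
 * Returns target's size after the open attempt (-1 on setup failure) and
 * stores the open's errno (0 on success) in *open_errno. */
long run_case(int hardened, int *open_errno) {
    char dir[] = "/tmp/sdiff-demo-XXXXXX", target[64], tmp[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(tmp, sizeof tmp, "%s/sdiff.tmp", dir);
    FILE *f = fopen(target, "w");
    if (!f) return -1;
    fputs("important data\n", f);            /* 15 bytes */
    fclose(f);
    if (symlink(target, tmp) != 0) return -1;
    errno = 0;
    int fd = hardened ? open_tmp_exclusive(tmp) : open_tmp_insecure(tmp);
    *open_errno = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    long size = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(tmp); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    int e1, e2;
    long a = run_case(0, &e1), b = run_case(1, &e2);
    printf("insecure: size %ld; exclusive: size %ld, errno %d\n", a, b, e2);
}
```

In practice `mkstemp(3)` is the usual fix, since it pairs exclusive creation with an unpredictable name and so addresses both defects named above.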


