shadow-utils /etc/default Temp File Race Condition Vulnerability

shadow-utils is a freely available, open source software package included with most distributions of the Linux operating system. It gives systems a higher level of security through stronger cryptography and secure account management tools.

A problem in the package could create the opportunity for a symbolic link attack. During execution of the passwd program, temporary files are created in the /etc/default directory, and these files use predictable filenames. If the /etc/default directory is world writable, a user with malicious motives can create a range of symbolic links in it that point to files owned by another user. When passwd then writes its temporary files, the links are followed, which could overwrite or append to and corrupt any file that is write-accessible by the UID of the passwd process.
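The general defence against this class of bug, shown as an added example that is not code from shadow-utils: refuse a world-writable directory and create the fixed-name file atomically, so a name that already exists (a symbolic link included) is never followed. The names open_tmp_safe, size_of, demo and pw.tmp are hypothetical, and the scenario is constructed inside a private mkdtemp() directory rather than /etc/default.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* openat, O_NOFOLLOW, mkdtemp */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hardened fixed-name temp file: pin the directory by fd, refuse it if world
 * writable, create atomically; O_EXCL fails on any existing name, link included. */
int open_tmp_safe(const char *dir, const char *name)
{
    struct stat st;
    int fd = -1, dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0) return -1;
    if (fstat(dfd, &st) == 0 && !(st.st_mode & S_IWOTH))
        fd = openat(dfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    close(dfd);
    return fd;
}

static long size_of(const char *p)
{
    struct stat st;
    return stat(p, &st) == 0 ? (long)st.st_size : -1;
}

/* Constructed scenario. Returns a bitmask: 1 = pre-existing link refused and
 * its target untouched, 2 = unused name created, 4 = world-writable dir refused. */
int demo(void)
{
    char dir[] = "/tmp/tmprace.XXXXXX", target[64], tmp[64];
    int r = 0, fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(tmp, sizeof tmp, "%s/pw.tmp", dir);
    fd = open(target, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "data", 4) != 4 || symlink(target, tmp)) return -1;
    close(fd);
    if (open_tmp_safe(dir, "pw.tmp") < 0 && size_of(target) == 4) r |= 1;
    unlink(tmp);
    if ((fd = open_tmp_safe(dir, "pw.tmp")) >= 0) r |= 2;
    close(fd); unlink(tmp); chmod(dir, 0777);
    if (open_tmp_safe(dir, "pw.tmp") < 0) r |= 4;
    unlink(target); rmdir(dir);
    return r;
}
```

Calling demo() returns 7 when all three checks hold.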


