FreeBSD periodic /tmp File Race Condition Vulnerability

FreeBSD is a freely available, open source implementation of the BSD UNIX operating system, maintained and distributed by the BSD Project. Periodic is a timed execution package included with recent releases of the operating system.

A problem in the periodic implementation could allow an attacker to append to and corrupt files that are writable only by the superuser. When cron runs, it normally calls periodic to execute the scheduled commands in their timed sequence. However, when the process is spawned, files are created in the /tmp directory in an insecure manner, allowing future file names to be predicted or guessed by brute force.

This problem makes it possible for a local user with malicious motives to symbolically link access-restricted files and append output to them, resulting in the corruption of the file.
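The weak pattern described above next to a hardened one, as an added example that is not code from this advisory or from FreeBSD's periodic(8): a PID-based name in /tmp that a shell append redirect will follow through a planted symlink, versus mktemp-created files in a private directory, plus a pre-write check. The function names and the `periodic.` name prefix are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not code from the advisory or from FreeBSD's periodic(8).
# Contrasts a guessable /tmp name (which ">>" follows through a planted
# symlink) with a hardened pattern, plus a check to run before appending to
# any file that lives in a shared directory.

# Weak: the name depends only on the PID, so it can be predicted and
# pre-created (for instance as a symlink) before the script writes to it.
weak_tmpfile() {
    echo "${TMPDIR:-/tmp}/periodic.$$"
}

# Hardened: mktemp(1) creates the file itself with O_CREAT|O_EXCL and a
# random suffix, inside a fresh mode-0700 directory, so a pre-existing
# link at that path cannot be reused.
safe_tmpfile() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/periodic.XXXXXX") || return 1
    chmod 700 "$dir" || return 1
    mktemp "$dir/out.XXXXXX"
}

# Check to run before ">>": refuse symbolic links and files owned by
# someone else. Returns 0 when it is safe to append, 1 otherwise.
# Caveat: a check followed by a write still leaves a small window between
# the two; it narrows the race, while safe_tmpfile removes it.
safe_to_append() {
    path=$1
    if [ -L "$path" ]; then
        return 1
    fi
    if [ -e "$path" ] && [ ! -O "$path" ]; then
        return 1
    fi
    return 0
}

# Append one line only after the check passes; returns 1 on refusal so a
# calling script can abort instead of writing through a link.
append_line() {
    path=$1; line=$2
    safe_to_append "$path" || return 1
    printf '%s\n' "$line" >> "$path"
}
```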

Copyright 2010, SecurityFocus