teTeX Filters Temporary File Race Condition Vulnerability

teTeX is a TeX distribution for UNIX compatible systems.

A race condition vulnerability exists in the temporary file handling method used by some teTeX filters. The problem exists because in some cases temporary files are created world-writeable with a predictable filename based on the process ID of the filter. If an attacker is able to determine the name of a temporary file used during the program's operation, a symbolic link could be created pointing to a file writeable by the user running the filter.

When the filters are used by an application that runs with elevated privileges such as LPRng, the potential impact of the attack could become more significant. A local attacker could exploit this vulnerability to cause LPRng to execute arbitrary commands with its elevated privileges.

The vulnerability is related to BID 2865.


 

Privacy Statement
Copyright 2010, SecurityFocus