IRIX cron and crontab Predictable /tmp Filename Vulnerability

A vulnerability exists in the way temporary files are created by the crontab program included with IRIX, from SGI. crontab and cron each create predictably named files in /tmp. These appear to be created with the system's default umask in the case of cron, and with the user's umask in the case of crontab. This could potentially allow sensitive information to leak, or allow a crontab to be altered while it is being edited, resulting in the execution of arbitrary commands.

As the file names are predictable, one need only watch for the creation of a writable crontab temporary file, and alter its contents.
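
A hardened counterpart to the temporary-file handling described above, as an added example that is not from the advisory or from SGI's code: the scratch file gets an unpredictable name and owner-only permissions regardless of the caller's umask, and is re-checked through its descriptor before its contents are trusted. The function names and the `/tmp/crontab.XXXXXX` template are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: create a private scratch file for an editing session.
 * path_out receives the generated name; returns an open fd, or -1 on error. */
int open_private_tmp(char *path_out, size_t len)
{
    static const char tmpl[] = "/tmp/crontab.XXXXXX"; /* assumed template */
    mode_t old;
    int fd;

    if (len < sizeof(tmpl))
        return -1;
    memcpy(path_out, tmpl, sizeof(tmpl));

    old = umask(077);        /* never inherit a permissive umask */
    fd = mkstemp(path_out);  /* random suffix, exclusive create (O_EXCL) */
    umask(old);
    if (fd < 0)
        return -1;
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) { /* force mode 0600 */
        close(fd);
        unlink(path_out);
        return -1;
    }
    return fd;
}

/* Returns 1 if the file behind fd is a regular file owned by the caller,
 * has no group/other permission bits and exactly one link; 0 otherwise.
 * fstat() on the descriptor avoids re-resolving the name in /tmp. */
int tmp_is_trustworthy(int fd)
{
    struct stat st;

    if (fstat(fd, &st) != 0)
        return 0;
    return S_ISREG(st.st_mode)
        && st.st_uid == geteuid()
        && (st.st_mode & (S_IRWXG | S_IRWXO)) == 0
        && st.st_nlink == 1;
}
```

A caller would run `tmp_is_trustworthy()` on the same descriptor after the editor exits and before installing the contents, and discard the file if the check fails.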


Copyright 2010, SecurityFocus