Apache /tmp File Race Vulnerability

The Apache web server is a popular HTTP daemon, distributed with many variants of the UNIX operating system and maintained by the Apache Project. Immunix is a hardened Linux distribution maintained by the Immunix team at the WireX Corporation.

A problem has been discovered in the Apache httpd distributed with Immunix Linux, a distribution based on Red Hat Linux. The Apache programs htdigest and htpasswd are used to offer advanced features to users of the web server. However, these two helper programs create files in the /tmp directory insecurely, which could allow their /tmp file names to be guessed. This makes it possible for a user with malicious motives to carry out a symlink attack against files writable by the UID of the Apache process.
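
The contrast between a guessable /tmp name and safe creation is shown below as an added C example. It is not the htdigest or htpasswd source, and all paths and function names are constructed for illustration. The self-check plants a symlink at the temporary path inside a private scratch directory and reports which open style writes through it.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: guessable name, plain create/truncate. A symlink planted at `path`
 * is followed, so the file is created or truncated at the link's target. */
int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if anything, including a
 * dangling symlink, already occupies the name. */
int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name and creates it
 * exclusively. Returns the permission bits of the new file, or -1. */
int private_temp_mode(void) {
    char tmpl[] = "/tmp/htdemo.XXXXXX";          /* constructed name */
    struct stat st;
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    int mode = (fstat(fd, &st) == 0) ? (int)(st.st_mode & 0777) : -1;
    close(fd); unlink(tmpl);
    return mode;
}

/* Check in a private scratch directory: pre-plant a symlink at the temp
 * path, call `opener`, and return 1 if the link's target got created. */
int target_touched_by(int (*opener)(const char *)) {
    char dir[] = "/tmp/racedemo.XXXXXX", link_path[64], target[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(link_path, sizeof link_path, "%s/helper.tmp", dir);
    snprintf(target, sizeof target, "%s/victim", dir);
    if (symlink(target, link_path) != 0) { rmdir(dir); return -1; }
    int fd = opener(link_path); if (fd >= 0) close(fd);
    int touched = (stat(target, &st) == 0);
    unlink(target); unlink(link_path); rmdir(dir);
    return touched;
}

int main(void) {
    printf("predictable=%d exclusive=%d ", target_touched_by(open_predictable),
           target_touched_by(open_exclusive));
    printf("mkstemp_mode=%o\n", (unsigned)private_temp_mode()); return 0;
}
```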


Copyright 2010, SecurityFocus