linuxconf /tmp File Race Condition Vulnerability

linuxconf is a powerful configuration tool available for various distributions of the Linux Operating System. A problem exists which could potentially allow a race condition and symbolic link attack.

The problem occurs in the creation of /tmp files by linuxconf. The vpop3d program, which is part of the linuxconf package, creates /tmp files in an insecure manner under some circumstances. This could result in guessing of the filename of a future /tmp file, and the creation of a symbolic link to a file writable by the user executing linuxconf, which is normally root. A user with malicious motives could use this vulnerability to potentially overwrite or append to system files.


Privacy Statement
Copyright 2010, SecurityFocus