mgetty /tmp File Race Condition Vulnerability

mgetty is a freely available, publicly maintained software package designed to handle dial-in and fax services on the Linux operating system. A problem exists that could allow a symbolic link attack.

The problem occurs in the handling of files created in the /tmp directory. During execution of the program, files are created in the /tmp directory. However, these files are created in an insecure manner, which makes it possible to guess the filename of a future /tmp file. This makes it possible for a user with malicious motives to create a number of symbolic links in the /tmp directory, and potentially append to or overwrite system files that are write-accessible to the UID executing mgetty, normally root.
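The weak pattern described above (a guessable /tmp name opened without exclusive creation) next to two hardened forms, as an added example. This is not mgetty's code: the function names, the `prog.1234` filename and the scratch directory are constructed for illustration.

```c
#define _XOPEN_SOURCE 700  /* mkdtemp, mkstemp, symlink */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: predictable name, no O_EXCL. open() follows a symlink that already
 * exists at `path` and appends to whatever file it points at. */
int open_tmp_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0600);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if anything, including a
 * symlink (dangling or not), already exists at `path`. */
int open_tmp_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario inside a private scratch directory. Returns a bitmask:
 * 1 = weak open wrote through the pre-existing link into "victim",
 * 2 = O_EXCL open refused the same path,
 * 4 = mkstemp() created a fresh file with an unpredictable name, mode 0600. */
int run_demo(void) {
    char dir[] = "/tmp/tmprace-demo-XXXXXX";
    char victim[64], guess[64], tmpl[64];
    struct stat st;
    int fd, result = 0;

    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(guess, sizeof guess, "%s/prog.1234", dir);  /* guessable name */
    snprintf(tmpl, sizeof tmpl, "%s/prog.XXXXXX", dir);
    if ((fd = open(victim, O_WRONLY | O_CREAT, 0600)) >= 0) close(fd);
    if (symlink(victim, guess) != 0) return -1;

    fd = open_tmp_weak(guess);
    ssize_t n = fd >= 0 ? write(fd, "x", 1) : -1;
    if (fd >= 0) close(fd);
    if (n == 1 && stat(victim, &st) == 0 && st.st_size == 1) result |= 1;
    if ((fd = open_tmp_excl(guess)) < 0) result |= 2; else close(fd);
    if ((fd = mkstemp(tmpl)) >= 0) {
        if (fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600) result |= 4;
        close(fd); unlink(tmpl);
    }
    unlink(guess); unlink(victim); rmdir(dir);
    return result;
}

int main(void) { printf("result mask: %d\n", run_demo()); return 0; }
```

A privileged daemon that must write under /tmp should prefer the `mkstemp()` form, or keep its working files in a directory only its own UID can write to.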


Copyright 2010, SecurityFocus