gpm /tmp File Race Condition Vulnerability

gpm is a software package designed to provide console mouse support, and is distributed with most versions of the Linux Operating System. A problem in the package could allow a race condition.

The problem is in the creation and handling of /tmp files by the gpm package. gpm will under some circumstances create files in the /tmp directory. The files created in the /tmp directory are created insecurely, as they first use a predictable filename and do not check for the existance of previously existing files. It is therefore possible for a user with malicious motives to create symbolic links to files that the UID of the gpm process (normally running as root) has write access to and either overwrite, or append to and corrupt the linked files.


Privacy Statement
Copyright 2010, SecurityFocus