wu-ftpd /tmp File Race Condition Vulnerability

wu-ftpd is an open source, freely available ftp daemon software package included with many distributions of the Linux Operating System. A problem in the software could allow a race condition.

The problem occurs in the creation and handling of files in the /tmp directory. The program privatepw within the software package creates files within the /tmp directory insecurely, first by using a predictable naming scheme for the files, and additionally by not checking for the existance of the file. It is possible to create a range of symbolic links using variants of the name of the wu-ftpd /tmp filename. This problem could allow a user to overwrite or append to and corrupt a file that the UID of the wu-ftpd process has write access to. The wu-ftpd process normally runs as root.


Privacy Statement
Copyright 2010, SecurityFocus