inn /tmp File Race Condition Vulnerability

inn is a freely available, open source Usenet software package maintained and available through the ISC, and packaged with various distributions of the Linux Operating System. A vulnerability exists which could allow a race condition to occur.

The problem occurs in the in the creation and handling of /tmp files by the inn program. Under some circumstances, inn will create files in the /tmp directory that use a predictable filename. In addition, inn may not check for the existance of these files. It is possible to create a range of symbolic links using predicted filenames in the /tmp directory, which could result in a symbolic link attack. This makes it possible for a user with malicious intent to symbolically link a file that's write-accessible by the UID of the inn process, and potentially overwrite or append to and corrupt the linked file.


Privacy Statement
Copyright 2010, SecurityFocus