XMCD Temp Directory Symbolic Link Vulnerability

xmcd is a freely available cd playing utility for the various UNIX platforms. It is maintained by public domain.

A race condition has been discovered in cda, part of the xmcd package. When executed, cda insecurely creates temporary files. Since the cda program is setuid root, it is possible to guess the name of a future temporary file, create a symbolic link to a root owned file on the system, and overwrite the file by executing cda.

This could result in a denial of service attack, or potentially an elevated of privileges.


Privacy Statement
Copyright 2010, SecurityFocus