GNU Enscript Insecure Temporary File Creation Vulnerability

Enscript is a freely available, open source program for transforming ASCII files into Postscript documents. Enscript is used mainly on Unix and Linux Operating Systems.

Enscript creates temporary files insecurely. Enscript makes use of insecure temporary file creation functions tmpnam() and tempnam(). The tmpnam() function, used in main.c, and tempnam() function used in psgen.c, do not create adequately secure temporary file names. In addition to the design problems involved with the tmpnam() and tempnam() functions, inadequate checks are performed by the program to ensure the temporary files do not already exist.

This problem makes it possible for a local user to launch a symbolic link attack against a user of Enscript. This problem could result in the corruption of arbitrary files, and potentially elevated privileges.


Privacy Statement
Copyright 2010, SecurityFocus