CVSS2: 1.2 Low
Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
EPSS: 0.0004 Low
Percentile: 5.1%
getty_ps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack.
Under certain circumstances, getty_ps will create files in the /tmp file system in an insecure manner. The program uses a naming scheme that could make it possible to guess the file name of future files in the /tmp directory, and does not check for the existence of the file before attempting to create it.
By creating symbolic links in /tmp with appropriate names, an attacker could cause getty_ps to overwrite files writeable by the effective UID of this package. Since this package is normally run as root, any file on the system could be thus corrupted.
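The file-creation pattern described above, next to an exclusive-create version, as an added example (not getty_ps source code). The file name `getty.debug`, the scratch directory and all function names are hypothetical; the scenario runs entirely inside a private directory created by the program.

```c
/* Added example; not getty_ps source. Names and paths are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the note: fixed name, no existence check. open() follows
 * a symlink already present at `path` and truncates its target. */
int open_debug_insecure(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails with EEXIST if anything, symlinks included,
 * already exists at `path`; O_NOFOLLOW is a second guard. */
int open_debug_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario in a private scratch directory: a 4-byte file and a
 * symlink to it under the predictable debug-file name. Returns the target's
 * size after the opener ran (4 = intact), or -1 on setup error. */
long target_size_after(int (*opener)(const char *)) {
    char dir[] = "/tmp/gettydemo.XXXXXX", target[64], link[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(link, sizeof link, "%s/getty.debug", dir);
    FILE *f = fopen(target, "w");
    if (!f) return -1;
    fputs("keep", f);
    fclose(f);
    if (symlink(target, link) != 0) return -1;
    int fd = opener(link);            /* the open a privileged daemon would issue */
    if (fd >= 0) close(fd);
    long size = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(link); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    printf("insecure open:  target size %ld\n", target_size_after(open_debug_insecure));
    printf("exclusive open: target size %ld\n", target_size_after(open_debug_exclusive));
    return 0;
}
```

Where the file name does not need to be fixed, `mkstemp(3)` gives the same exclusive creation together with an unpredictable name.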
Apply vendor patches; see the Systems Affected section below.
342768
Notified: January 10, 2001 Updated: August 17, 2001
Affected
Immunix Security Advisory 2000-70-025-01
The vendor has not provided us with any further information regarding this vulnerability.
-----------------------------------------------------------------------
Packages updated: getty_ps
Affected products: Immunix OS 7.0-beta
Bugs Fixed: immunix/1317
Date: January 10, 2000
Advisory ID: IMNX-2000-70-025-01
Author: Greg Kroah-Hartman <[email protected]>
-----------------------------------------------------------------------
Description: In an internal audit conducted while preparing Immunix Linux 7.0 we noticed a potential temp file race problem in the getty_ps program.
A patch has been applied that fixes this problem, however the maintainer of the program never responded to our email message about this problem.
Packages have been created and released for Immunix 7.0 beta to fix this problem.
Package names and locations:
Precompiled binary package for Immunix 7.0 beta is available at: <http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/getty_ps-2.0.7j-12_StackGuard_2.i386.rpm>
Source package for Immunix 7.0 beta is available at: <http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/getty_ps-2.0.7j-12_StackGuard_2.src.rpm>
md5sums of the packages:
ebe7518773d6598ef520233236488b7a getty_ps-2.0.7j-12_StackGuard_2.i386.rpm
22576dbf9d22ee4bb16811bddc9abd00 getty_ps-2.0.7j-12_StackGuard_2.src.rpm
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23342768 Feedback>).
Notified: January 10, 2001 Updated: August 17, 2001
Affected
<http://www.linuxsecurity.com/advisories/mandrake_advisory-1037.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: July 28, 2004
Affected
The patched release will be 2.1.0a, and all future releases (2.1.0b or higher, or the scheduled 2.1.1). The fix should be released in the next 7 days.
Please note that this vulnerability exists in all previous releases that I have copies of (going back to 2.0.4), and I assume all the way back from there.
Important PLEASE NOTE: this problem only occurs if the package was compiled with SYSLOG_DEBUG not defined, which should not be the case in production versions. (The vulnerability is caused by a debug file.) The simplest fix is to check the source code (file "tune.h") for "#define SYSLOG" and "#define SYSLOG_DEBUG". If present, then this vulnerability does not exist, as the code that creates the file in question is disabled. If not present, then include these in the tune.h file, re-compile, and re-install.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 21, 2001 Updated: August 28, 2001
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The version shipped by SuSE does not appear to be vulnerable.
Notified: August 21, 2001 Updated: October 01, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 21, 2001 Updated: October 01, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 21, 2001 Updated: October 01, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 21, 2001 Updated: October 01, 2001
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
This vulnerability was first reported by Greg Kroah-Hartman.
This document was written by Tim Shimeall.
CVE IDs: | CVE-2001-0119 |
---|---|
Severity Metric: | 5.63 |
Date Public: | |