imwheel -- insecure handling of PID file

ID E31D44A2-21E3-11D9-9289-000C41E2CDAD
Type freebsd
Reporter FreeBSD
Modified 2004-08-20T00:00:00


A Computer Academic Underground advisory describes the consequences of imwheel's handling of the process ID file (PID file):

imwheel exclusively uses a predictably named PID file for management of multiple imwheel processes. A race condition exists when the -k command-line option is used to kill existing imwheel processes. This race condition may be used by a local user to Denial of Service another user using imwheel, lead to resource exhaustion of the host system, or append data to arbitrary files.
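The flaw class described above (a predictably named PID file that is created, and later trusted when killing processes, without checking what actually sits at that path) can be avoided as sketched in this added example, which is not imwheel's code or its fix. The advisory does not give the PID file path or the program's logic, so the `path` argument and both function names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create the PID file atomically. O_EXCL refuses any pre-existing entry
 * (including a planted symlink), so nothing is ever appended to a file
 * another user chose. Returns 0 on success, -1 on failure. */
int pidfile_write(const char *path)   /* path: hypothetical, caller-chosen */
{
    char buf[32];
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)getpid());
    ssize_t w = write(fd, buf, (size_t)n);
    if (close(fd) != 0 || w != n) {
        unlink(path);
        return -1;
    }
    return 0;
}

/* Return a PID only from a file that can be trusted: a regular file, owned
 * by us, with one link and no group/other write bit. Returns -1 otherwise. */
long pidfile_read_trusted(const char *path)
{
    struct stat st;
    char buf[32] = {0}, *end;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat() the open descriptor, not the path: no check-to-use gap. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1 ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n <= 0)
        return -1;
    long pid = strtol(buf, &end, 10);
    /* 0 and negative values make kill() target groups or all processes. */
    return (end == buf || pid <= 0) ? -1 : pid;
}
```

Placing the PID file in a directory only the owning user can write to removes the opportunity to plant a file there in the first place; the checks above are the fallback when the directory is shared.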