iproute2 netbug Script Symlink Arbitrary File Overwrite

2005-01-10T08:32:11
ID OSVDB:12781
Type osvdb
Reporter Javier Fernandez-Sanguino Pena(jfs@computer.org)
Modified 2005-01-10T08:32:11

Description

Vulnerability Description

Iproute2 contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious attacker creates a symlink between arbitrary files and the temporary files created by the netbug script occurs. This flaw may lead to a loss of Integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Iproute2 contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious attacker creates a symlink between arbitrary files and the temporary files created by the netbug script occurs. This flaw may lead to a loss of Integrity.

References:

Vendor URL: http://developer.osdl.org/dev/iproute2/ Secunia Advisory ID:13758