Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite

2005-01-20T15:03:16
ID OSVDB:13087
Type osvdb
Reporter Javier Fernandez-Sanguino Pena(jfs@computer.org)
Modified 2005-01-20T15:03:16

Description

Vulnerability Description

Apache contains a flaw that may allow a malicious local user to corrupt, write to or create arbitrary files with the privileges of the user or process running the vulnerable script. The issue is triggered when 'check_forensic' script is activated. It is possible that the flaw may allow a loss of integrity.

Technical Description

A local insecure temporary file creation vulnerability affects Apache Software Foundation Apache Utilities. This issue is due to a failure to securely create temporary files in world writable locations.

The problem presents itself when the 'check_forensic' script is activated.
The affected script creates files in the '/tmp' directory with predictable file names. The files that are created are named 'fc-XX.$$', where the 'XX' corresponds to some variable and '$$' is the process ID.

An attacker may leverage this issue to corrupt, write to or create arbitrary files with the privileges of the user or process running the vulnerable script.

Although only Apache version 1.3.X are reportedly vulnerable, it is possible other versions are vulnerable as well.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Ubuntu Linix has released a patch to address this vulnerability.

Short Description

Apache contains a flaw that may allow a malicious local user to corrupt, write to or create arbitrary files with the privileges of the user or process running the vulnerable script. The issue is triggered when 'check_forensic' script is activated. It is possible that the flaw may allow a loss of integrity.

References:

Vendor Specific News/Changelog Entry: http://bugs.debian.org/290974 Secunia Advisory ID:13925 Secunia Advisory ID:13932 Other Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-65-1 Other Advisory URL: http://www.securityfocus.com/advisories/7852 CVE-2004-1387 Bugtraq ID: 12308