InoculateIT ftpdownload.log Symbolic Link File Overwriting

2001-05-25T00:00:00
ID OSVDB:1843
Type osvdb
Reporter Chris Wilson(chris@camcom.co.uk)
Modified 2001-05-25T00:00:00

Description

Vulnerability Description

InoculateIT contains a flaw that allows a malicious local user to overwrite arbitrary files on the system. The issue is due to the inocucmd utility using a fixed, predictable name for a temporary file (/tmp/ftpdownload.log) in the world-writable /tmp directory. If a local user creates a symlink at that name pointing to an arbitrary file on the system, InoculateIT follows the link the next time it writes the log and truncates and overwrites the target file with log contents, with whatever privileges inocucmd is running under.

Technical Description

This vulnerability affects the Unix versions of InoculateIT (AIX, Solaris, Linux).
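The symlink-following pattern described above, as an added example that is not code from the advisory or from CA's inocucmd (whose source is not public): a vulnerable writer that uses a fixed file name with fopen("w"), beside two hardened writers (O_CREAT|O_EXCL|O_NOFOLLOW on the fixed name, and mkstemp for an unpredictable name). The scratch directory, the file names, and the "victim.conf" contents are constructed for the demonstration; it deliberately runs in a private directory rather than against the real /tmp/ftpdownload.log.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* The predictable name at the heart of the advisory. */
#define LOG_NAME "ftpdownload.log"

/* Vulnerable pattern: fopen(path, "w") is open(O_WRONLY|O_CREAT|O_TRUNC), which
 * follows a symlink at path, so a pre-planted link redirects truncate + write. */
static int write_log_unsafe(const char *path, const char *msg) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    if (fputs(msg, f) == EOF) { fclose(f); return -1; }
    return fclose(f) == 0 ? 0 : -1;
}

static int write_all(int fd, const char *msg) {
    size_t len = strlen(msg);
    int rc = (write(fd, msg, len) == (ssize_t)len) ? 0 : -1;
    return close(fd) == 0 ? rc : -1;
}

/* Hardened pattern: O_CREAT|O_EXCL fails if anything already exists at path,
 * a symlink included (EEXIST); O_NOFOLLOW is belt-and-braces. */
static int write_log_safe(const char *path, const char *msg) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    return write_all(fd, msg);
}

/* Better: an unpredictable name via mkstemp (O_CREAT|O_EXCL, mode 0600),
 * so there is no fixed name for an attacker to pre-plant a link at. */
static int write_log_mkstemp(const char *dir, const char *msg, char *out, size_t outlen) {
    snprintf(out, outlen, "%s/" LOG_NAME ".XXXXXX", dir);
    int fd = mkstemp(out);
    if (fd < 0) return -1;
    return write_all(fd, msg);
}

static int read_small(const char *path, char *buf, size_t len) {
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, len - 1, f);
    buf[n] = '\0';
    fclose(f);
    return 0;
}

/* Private scratch directory (hypothetical name) so the demo never touches /tmp/ftpdownload.log. */
static int make_scratch(char *dir, size_t len) {
    const char *bases[] = { getenv("TMPDIR"), "/tmp", "." };
    for (size_t i = 0; i < 3; i++) {
        if (!bases[i]) continue;
        snprintf(dir, len, "%s/inoc-demo-XXXXXX", bases[i]);
        if (mkdtemp(dir)) return 0;
    }
    return -1;
}

/* Plays the attacker and the privileged program in turn. Returns a bitmask,
 * 15 when the behaviour matches the advisory:
 *   1  unsafe writer clobbered the victim file through the planted symlink
 *   2  O_EXCL writer refused the planted symlink
 *   4  victim file untouched after the O_EXCL writer
 *   8  mkstemp writer used a fresh name and left the victim untouched */
int run_symlink_demo(void) {
    const char *victim_text = "original-config\n";   /* constructed sample data */
    const char *log_text = "ftp download log\n";
    char dir[256], victim[300], link[300], fresh[330] = "", buf[64];
    int result = 0;

    if (make_scratch(dir, sizeof dir) != 0) return -1;
    snprintf(victim, sizeof victim, "%s/victim.conf", dir);
    snprintf(link, sizeof link, "%s/" LOG_NAME, dir);
    if (write_log_safe(victim, victim_text) != 0) return -1;
    if (symlink(victim, link) != 0) return -1;      /* attacker plants the link */

    if (write_log_unsafe(link, log_text) == 0 &&
        read_small(victim, buf, sizeof buf) == 0 && strcmp(buf, log_text) == 0)
        result |= 1;

    unlink(victim);                                  /* restore victim, keep the link */
    if (write_log_safe(victim, victim_text) != 0) return -1;

    errno = 0;                                       /* EEXIST per POSIX; ELOOP accepted for NOFOLLOW-first kernels */
    if (write_log_safe(link, log_text) == -1 && (errno == EEXIST || errno == ELOOP))
        result |= 2;
    if (read_small(victim, buf, sizeof buf) == 0 && strcmp(buf, victim_text) == 0)
        result |= 4;

    if (write_log_mkstemp(dir, log_text, fresh, sizeof fresh) == 0 &&
        strcmp(fresh, link) != 0 &&
        read_small(victim, buf, sizeof buf) == 0 && strcmp(buf, victim_text) == 0)
        result |= 8;

    if (fresh[0]) unlink(fresh);
    unlink(link); unlink(victim); rmdir(dir);
    return result;
}

int main(void) {
    int r = run_symlink_demo();
    printf("demo result = %d (15 = fixed-name writer overwrote, hardened writers refused)\n", r);
    return r == 15 ? 0 : 1;
}
```

Compile with cc -Wall and run; the expected result is 15. Note that O_EXCL on the fixed name only closes the overwrite: an attacker who pre-plants anything at /tmp/ftpdownload.log can still make the privileged program fail (denial of service), which is why an unpredictable name (mkstemp) or a directory not writable by other users is the real fix. On Linux with fs.protected_symlinks=1 the kernel refuses to follow a symlink in a sticky world-writable directory such as /tmp when the link's owner differs from the follower, which would blunt this particular attack on a modern system; the demo uses its own directory so its result does not depend on that sysctl.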

Solution Description

Upgrade to version 4.0 or higher of the inocucmd program, which has been reported to fix this vulnerability. No workarounds are known, so an upgrade is required.

Short Description

A local user can overwrite arbitrary files by placing a symlink at the fixed temporary file name /tmp/ftpdownload.log that the inocucmd utility writes to.

References:

Vendor Specific Solution URL: ftp://ftp.ca.com/pub/getbbs/solaris.eng/
Vendor Specific Solution URL: ftp://ftp.ca.com/pub/getbbs/aix.eng/
Vendor Specific Solution URL: ftp://ftp.ca.com/pub/getbbs/linux.eng/
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-05/0245.html
ISS X-Force ID: 6607
CVE ID: CVE-2001-0625
Bugtraq ID: 2778