Bacula /autoconf/randpass Insecure Temporary File Creation

2005-09-20T13:14:34
ID OSVDB:19512
Type osvdb
Reporter Eric Romang (eromang@zataz.net)
Modified 2005-09-20T13:14:34

Description

Vulnerability Description

Bacula contains a flaw that may allow a malicious local user to create or overwrite arbitrary files on the system. The issue is due to /autoconf/randpass creating temporary files in /tmp insecurely. A local user can use a symlink-style attack to manipulate arbitrary files, resulting in a loss of integrity.

Solution Description

Upgrade to version 1.37.39 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
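
For maintainers auditing similar scripts, the following added example (not part of this advisory and not Bacula's randpass code) shows the general hardened pattern for temporary files in a shared directory. The function names, the file name prefix and the weak pattern shown in the comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; not taken from Bacula's autoconf/randpass.
#
# Weak pattern, for contrast (generic, assumed): the name is guessable from
# the PID and a plain ">" follows whatever already sits at that path.
#   tmp=/tmp/pass.$$ ; some_generator > "$tmp"

# Hardened: mktemp chooses an unpredictable name and creates the file
# exclusively with owner-only permissions, so a link placed at the path
# beforehand makes creation fail instead of being followed.
# Usage: f=$(make_private_tmp) || exit 1; trap 'rm -f "$f"' EXIT
make_private_tmp() {
    dir=${1:-${TMPDIR:-/tmp}}
    mktemp "$dir/randpass.XXXXXXXXXX"
}

# Fallback when the path must be fixed: with noclobber (set -C) the
# redirection fails if anything, including a symlink, already exists at
# the path. The subshell keeps umask and noclobber from leaking out.
# Usage: write_exclusive PATH DATA
write_exclusive() {
    ( umask 077; set -C; printf '%s\n' "$2" > "$1" ) 2>/dev/null
}
```

Both functions return non-zero when the file cannot be created safely; the caller should abort rather than retry with a plain redirection.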

References:

Vendor URL: http://www.bacula.org/
Vendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=104986
Vendor Specific News/Changelog Entry: http://bugs.bacula.org/bug_view_advanced_page.php?bug_id=0000422
Security Tracker: 1014941
Secunia Advisory ID: 16866
Secunia Advisory ID: 17083
Related OSVDB ID: 19513
Related OSVDB ID: 19514
Other Advisory URL: http://www.zataz.net/adviso/bacula-09192005.txt
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0526.html
CVE-2005-2995