Mac OS X passwd Temp File Symlink Arbitrary File Manipulation

2006-02-28T06:02:40
ID OSVDB:23647
Type osvdb
Reporter vade79()
Modified 2006-02-28T06:02:40

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious local user to create arbitrary files on the system. The issue is due to the passwd program creating temporary files insecurely, using the form /tmp/.pwtmp.<pid> where <pid> is the process id of the passwd process. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch (2006-001) to address this vulnerability.

Short Description

Mac OS X contains a flaw that may allow a malicious local user to create arbitrary files on the system. The issue is due to the passwd program creating temporary files insecurely, using the form /tmp/.pwtmp.<pid> where <pid> is the process id of the passwd process. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Secunia Advisory ID:19064 Related OSVDB ID: 23637 Related OSVDB ID: 23639 Related OSVDB ID: 23646 Related OSVDB ID: 23636 Related OSVDB ID: 23640 Related OSVDB ID: 23641 Related OSVDB ID: 23642 Related OSVDB ID: 23643 Related OSVDB ID: 23648 Related OSVDB ID: 23649 Related OSVDB ID: 23638 Related OSVDB ID: 23644 Related OSVDB ID: 23645 Other Advisory URL: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=400 News Article: http://www.informationweek.com/news/showArticle.jhtml;?articleID=181500394 FrSIRT Advisory: ADV-2006-0791 CVE-2005-2714 Bugtraq ID: 16907 Bugtraq ID: 16910