Tiger Security Tool Temporary Files Race Condition and Symlink

1998-06-28T00:00:00
ID OSVDB:3146
Type osvdb
Reporter OSVDB
Modified 1998-06-28T00:00:00

Description

Vulnerability Description

Tiger Security Scanner contains a flaw that allows local attackers to overwrite arbitrary files or possibly gain root priveleges. The flaw is due to a lack of sanity checking on calls to temporary files created in /tmp that do not check for existing files with the same name. Such flaws can be taken advantage of with symlinks and arbitrary files can be overwritten or appended to.

Technical Description

The $WORKDIR variable is set to /tmp and allows for various symlink attacks.

Solution Description

Upgrade to version 3.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Tiger Security Scanner contains a flaw that allows local attackers to overwrite arbitrary files or possibly gain root priveleges. The flaw is due to a lack of sanity checking on calls to temporary files created in /tmp that do not check for existing files with the same name. Such flaws can be taken advantage of with symlinks and arbitrary files can be overwritten or appended to.

References:

Vendor URL: http://freshmeat.net/projects/tiger-audit/?topic_id=43 Vendor URL: http://www.tigersecurity.org/ Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1998_2/0608.html ISS X-Force ID: 7326 Generic Informational URL: http://www.net.tamu.edu/network/tools/tiger.html CVE-1999-1038