DOSEMU tmp Installation DoS

2004-01-18T00:00:00
ID OSVDB:3628
Type osvdb
Reporter OSVDB
Modified 2004-01-18T00:00:00

Description

Vulnerability Description

DOSEMU contains a flaw that may cause the system administrator to permanantly delete vital parts of the file system. The issue is due to the Makefile.main install section not properly defining the $(abs_top_build_dir) variable. Under some installations, this variable may not be defined, leading the install process to "rm -rf $(TMP)" where $(TMP) is defined as /tmp.

Technical Description

This is a considerable risk on many multi-user systems due to the contents of /tmp. Many programs and utilities keep important information in the /tmp directory that if deleted may affect user activity. Some examples: - SSH session/socket information - Screen session/socket information - Editor temp files - X-Windows session/socket information - User PID files

Solution Description

Upgrade to version 1.1.99.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

DOSEMU contains a flaw that may cause the system administrator to permanantly delete vital parts of the file system. The issue is due to the Makefile.main install section not properly defining the $(abs_top_build_dir) variable. Under some installations, this variable may not be defined, leading the install process to "rm -rf $(TMP)" where $(TMP) is defined as /tmp.

References:

Vendor URL: http://sourceforge.net/projects/dosemu/ Generic Informational URL: http://sourceforge.net/tracker/index.php?func=detail&aid=851514&group_id=49784&atid=457447