Red Hat Linux swap File Information Disclosure

2001-05-02T23:11:21
ID OSVDB:5564
Type osvdb
Reporter OSVDB
Modified 2001-05-02T23:11:21

Description

Vulnerability Description

Red Hat Linux contains a flaw that may lead to unauthorized information disclosure. When a user requests that swap files be created during updates, the files are created with world-readable permissions. These swap files may contain passwords or other sensitive information. An attacker can read these files, resulting in a loss of confidentiality.

Solution Description

Upgrade to losetup-2.11b-3.i386.rpm and mount-2.11b-3.i386.rpm or higher, as the combination has been reported to fix this vulnerability. It is also possible to correct the flaw by manually setting restricted read permissions on the temporary files.
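
The manual fix described above, as an added example that is not part of the original advisory: a shell script that reads a table in /proc/swaps format, reports file-backed swap areas with any group or other permission bit set, and restricts them to owner-only mode 0600. The function names, the 0600 target, the scratch files in demo, and the assumption that the swap files of interest are active and listed in /proc/swaps are this example's own.

```sh
#!/bin/sh
# Added example (not from the advisory): find swap files readable beyond
# their owner and restrict them. Function names are this example's own.

# List file-backed swap areas from a /proc/swaps-format table ($1,
# default /proc/swaps) whose mode grants any group or other permission.
audit_swap_files() {
    # Row 1 is the header; column 1 is the path, column 2 the type.
    awk 'NR > 1 && $2 == "file" { print $1 }' "${1:-/proc/swaps}" |
    while IFS= read -r swapfile; do
        [ -f "$swapfile" ] || continue
        # Characters 5-10 of the ls mode string are the group/other bits.
        bits=$(ls -ld "$swapfile" | cut -c5-10)
        [ "$bits" = "------" ] || printf '%s\n' "$swapfile"
    done
}

# Restrict every file reported by audit_swap_files to owner-only (0600).
restrict_swap_files() {
    audit_swap_files "$1" | while IFS= read -r swapfile; do
        chmod 600 "$swapfile" && printf 'restricted %s\n' "$swapfile"
    done
}

# Constructed demo: two stand-in swap files in a scratch directory and a
# table in /proc/swaps layout that lists them plus a partition entry.
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/swap-open";  chmod 644 "$dir/swap-open"
    : > "$dir/swap-tight"; chmod 600 "$dir/swap-tight"
    {
        printf 'Filename\tType\tSize\tUsed\tPriority\n'
        printf '%s\tfile\t1024\t0\t-2\n' "$dir/swap-open" "$dir/swap-tight"
        printf '/dev/sda2\tpartition\t2048\t0\t-1\n'
    } > "$dir/swaps"
    audit_swap_files "$dir/swaps"      # reports only swap-open
    restrict_swap_files "$dir/swaps"   # tightens swap-open to 0600
    audit_swap_files "$dir/swaps"      # reports nothing
    rm -rf "$dir"
}

demo
```

Changing the mode only limits future reads; it does not undo any copy already taken while the file was world-readable.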

References:

Security Tracker: 1001481
Red Hat RHSA: RHSA-2001:058
ISS X-Force ID: 6493
CVE-2001-0635
Bugtraq ID: 2678