Raptor GFX pgxconfig Symlink Arbitrary File Overwrite

2000-08-02T11:04:00
ID OSVDB:5740
Type osvdb
Reporter suid(suid@suid.kg)
Modified 2000-08-02T11:04:00

Description

Vulnerability Description

Raptor GFX contains a flaw in the pgxconfig utility that may allow a malicious user to gain root privileges. The issue results from the combination of two issues: 1) pgxconfig is suid root and 2) pgxconfig uses a predictable temporary file name. It is possible that the flaw may allow a malicious user to over write any file on the system, resulting in a loss of integrity, and/or availability.

Technical Description

Note that the solution given would prevent a malicious user from directly overwriting a file as root, however the predictable temporary file name issue remains.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): change permissions on pgxconfig to remove the SUID bit.

Short Description

Raptor GFX contains a flaw in the pgxconfig utility that may allow a malicious user to gain root privileges. The issue results from the combination of two issues: 1) pgxconfig is suid root and 2) pgxconfig uses a predictable temporary file name. It is possible that the flaw may allow a malicious user to over write any file on the system, resulting in a loss of integrity, and/or availability.

References:

Vendor URL: http://www.techsource.com/products/Sun_PCI/sun_pci.html Related OSVDB ID: 1501 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-07/0463.html CVE-2000-0694