LogWatch Temp Directory Race Condition Arbitrary Code Execution

2002-03-27T00:00:00
ID OSVDB:5776
Type osvdb
Reporter Spybreak(spybreak@host.sk)
Modified 2002-03-27T00:00:00

Description

Vulnerability Description

Logwatch contains a flaw that may allow a malicious user to execute arbitrary code as the superuser. The issue is that Logwatch fails to check for existing directories in /tmp before it trusts the content of that directory. The flaw allows execution of any code in a directory named with an anticipated PID. This may result in a loss of confidentiality, integrity, and/or availability.

Solution Description

Upgrade to version 2.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Logwatch contains a flaw that may allow a malicious user to execute arbitrary code as the superuser. The issue is that Logwatch fails to check for existing directories in /tmp before it trusts the content of that directory. The flaw allows execution of any code in a directory named with an anticipated PID. This may result in a loss of confidentiality, integrity, and/or availability.

References:

RedHat RHSA: RHSA-2002:054 Mail List Post: http://www.securityfocus.com/archive/1/327833 Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=101724766216872 Keyword: symlink Keyword: privilege elevation ISS X-Force ID: 8652 CVE-2002-0162 Bugtraq ID: 4374