KAME Dump/Trace Location Issue

1999-12-16T02:47:47
ID OSVDB:7413
Type osvdb
Reporter OpenBSD
Modified 1999-12-16T02:47:47

Description

Vulnerability Description

KAME contains a flaw in the default directory to which many of its daemons write dump files and trace files, which may allow an attacker to access sensitive system information, or possibly to modify that data. The bgpd, hroute6d, pim6dd, pim6sd, route6d, and rtsold daemons used the world-writable /var/tmp directory for dump and trace files. No further details have been provided.

Solution Description

Upgrade to version 1.345 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by applying the vendor-supplied patch.
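
The class of flaw described above, seen from the hardening side. This is an added C example, not the vendor patch and not KAME code: `open_dump_file` is a hypothetical helper that refuses group- or world-writable directories such as /var/tmp and will not follow a planted symlink when creating a dump or trace file.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Hypothetical helper (not KAME code): open dir/name for a daemon's dump or
 * trace output. Returns a file descriptor, or -1 if the location is unsafe. */
int open_dump_file(const char *dir, const char *name)
{
    struct stat st;
    int dfd, fd;
    if (strchr(name, '/') != NULL) return -1;   /* no path traversal in name */
    /* Pin the directory with a descriptor so the checks and the create act
     * on the same object; O_NOFOLLOW rejects a symlinked final component. */
    dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0) return -1;
    /* Refuse directories other local users can write to (such as /var/tmp)
     * or that belong to anyone except root or this daemon's user. */
    if (fstat(dfd, &st) != 0 || (st.st_mode & (S_IWGRP | S_IWOTH)) ||
        (st.st_uid != 0 && st.st_uid != geteuid())) {
        close(dfd);
        return -1;
    }
    /* Create a fresh file readable only by the daemon's user. */
    fd = openat(dfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0 && errno == EEXIST) {
        /* Reuse an existing file only if it is our own regular file with a
         * single link and no access for group or other. */
        fd = openat(dfd, name, O_WRONLY | O_NOFOLLOW);
        if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
                        st.st_uid != geteuid() || st.st_nlink != 1 ||
                        (st.st_mode & 077) || ftruncate(fd, 0) != 0)) {
            close(fd);
            fd = -1;
        }
    }
    close(dfd);
    return fd;
}
int main(void)
{
    /* /var/tmp is normally world-writable, so this call should be refused. */
    int fd = open_dump_file("/var/tmp", "bgpd_dump");
    printf("/var/tmp: %s\n", fd < 0 ? "refused" : "opened");
    if (fd >= 0) close(fd);
    return 0;
}
```

The helper checks only the final directory, so a deployment using it would also keep every parent directory of the dump location non-writable by other users.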


References:

Vendor URL: http://www.kame.net
Vendor Specific Advisory URL