IMWheel Insecure Temporary File Creation

2004-08-23T10:56:22
ID OSVDB:9111
Type osvdb
Reporter Druid(druid@caughq.org)
Modified 2004-08-23T10:56:22

Description

Vulnerability Description

IMWheel contains a flaw that may allow a malicious user to take control of the temporary file on the server. The issue is triggered when IMWheel creates an insecure temporary file (imwheel.pid) which manages the running IMWheel processes. It is possible that the flaw may allow a local attacker to escalate priveleges resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

IMWheel contains a flaw that may allow a malicious user to take control of the temporary file on the server. The issue is triggered when IMWheel creates an insecure temporary file (imwheel.pid) which manages the running IMWheel processes. It is possible that the flaw may allow a local attacker to escalate priveleges resulting in a loss of integrity.

References:

Vendor URL: http://imwheel.sourceforge.net/ Vendor Specific News/Changelog Entry: http://imwheel.sourceforge.net/files/DEVELOPMENT.txt Security Tracker: 1011049 Secunia Advisory ID:12349 Other Advisory URL: http://www.caughq.org/advisories/CAU-2004-0002.txt Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0914.html ISS X-Force ID: 17082 CVE-2004-2698 Bugtraq ID: 11008