packetstorm | Sam Johnston | PACKETSTORM:74504
Jan 30, 2009 - 12:00 a.m.

Enomaly ECP/Enomalism Insecure File Creation


EPSS: 0.0004 (Low), percentile 5.7%

`CVE-2008-4990 Enomaly ECP/Enomalism: Insecure temporary file creation vulnerabilities  
  
1. Synopsis  
  
All versions of Enomaly ECP/Enomalism prior to 2.1.1 use temporary files in an  
insecure manner, allowing for symlink and command injection attacks.  
  
2. Impact Information  
  
Background  
  
Enomaly ECP (formerly Enomalism) is management software for virtual machines.  
  
Description  
  
Sam Johnston of Australian Online Solutions reported that enomalism2.sh uses  
the /tmp/enomalism2.pid temporary file in an insecure manner.  
  
Impact  
  
A local attacker could perform a symlink attack to overwrite arbitrary files  
on the system with root privileges, or inject arguments to the 'kill' command  
to terminate or send arbitrary signals to any process(es) as root.  
  
Exploits  
  
a. ln -s /tmp/target /tmp/enomalism2.pid  
b. echo "-9 1" > /tmp/enomalism2.pid  
  
3. Resolution Information  
  
Workaround  
  
There is no known workaround at this time.  
  
Resolution  
  
All Enomaly ECP and Enomalism users should upgrade to the latest version.  
  
History  
  
2008-10-27 Bug initially reported to Enomaly by mail.  
  
2008-10-27 Reuven Cohen acknowledged receipt and suggested a fix.  
  
2008-11-06 CVE-2008-4990 allocated, update requested from Enomaly.  
  
2008-11-08 Reuven Cohen publicly acknowledged the bug:  
  
"Sam's security exploit is relatively minor and should not affect anyone with  
decent dom0 access rules. We currently use random filenames that are pretty  
hard to guess and if an unauthorized user were to gain access to the Dom0,  
you'd probably have bigger issues to deal with. So this really only affects  
"trusted" dom0 users. The resolution is don't give out dom0 access to untrusted  
users, which is probably a good idea anyway. The whole purpose of ECP is to  
abstract resources so you don't have to give that level of access to core  
system resources. The next release of Enomaly ECP will address this issue."  
  
2008-12-12 Enomaly ECP 2.1.1 (next subminor release) available with fix  
  
2009-01-29 Enomaly ECP 2.2 (next minor release) available with fix  
`
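
The two issues in the Impact section (a write that follows a symlink at a predictable /tmp path, and PID-file content passed unvalidated to `kill`) can be closed in an init script along the following lines. This is an added example, not code from enomalism2.sh or from Enomaly's fix; the function names and the directory placeholder are hypothetical.

```shell
#!/bin/sh
# Added example, not code from enomalism2.sh. Function names are hypothetical.
# Assumed deployment: the PID file lives in a root-owned, non-world-writable
# directory (placeholder: /var/run/<service>/), never directly in /tmp.

# write_pid FILE PID: create FILE without following or replacing anything.
write_pid() {
    [ -L "$1" ] && return 1                      # pre-planted symlink: refuse
    case "$2" in ''|*[!0-9]*) return 1 ;; esac   # PID must be digits only
    # noclobber (set -C) makes the redirect fail if the path already exists,
    # so nothing is truncated or written through a link; umask keeps it 0600.
    ( set -C; umask 077; printf '%s\n' "$2" > "$1" ) 2>/dev/null
}

# read_pid FILE: print the PID only if FILE is a regular file owned by the
# caller and holds a single integer greater than 1. Content such as "-9 1"
# fails the digits-only check and never reaches kill.
read_pid() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    _pid=$(cat -- "$1") || return 1
    case "$_pid" in ''|*[!0-9]*) return 1 ;; esac
    [ "$_pid" -gt 1 ] 2>/dev/null || return 1
    printf '%s\n' "$_pid"
}

# stop_daemon FILE: signal only a validated PID, then drop the stale file.
stop_daemon() {
    _target=$(read_pid "$1") || return 1
    kill -s TERM "$_target" && rm -f -- "$1"
}
```

The symlink and ownership checks narrow the window in a shared directory but do not remove it; placing the file where unprivileged users cannot create entries is what takes the attacker out of the path.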
