LHA Insecure Temporary File Creation Vulnerability
TITLE: LHA Insecure Temporary File Creation Vulnerability
CLASS: Race Condition Error
CVE: CVE-2007-2030
REMOTE: No
LOCAL: Yes
PUBLISHED: Jun 05 2007 12:00AM
UPDATE: Jun 07 2007 02:10PM
CREDIT: Lubomir Kundrak is credited with the discovery of this vulnerability.
VULNERABLE:
RedHat Fedora Core5
NOT VULNERABLE:
MandrakeSoft Linux Mandrake 2007.1 x86_64
MandrakeSoft Linux Mandrake 2007.1
MandrakeSoft Linux Mandrake 2007.0 x86_64
MandrakeSoft Linux Mandrake 2007.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
LHA Lha 1.14i
LHA Lha 1.14b
Go to the original page on Security Focus
Discussion
The 'lha' program creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
Exploit
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Solution
The vendor released an update to address this issue. Please see the references for more information.
References
- Bug 236585: CVE-2007-2030 /tmp race in lha (RedHat - Bugzilla)
- Vendor Homepage (LHA)