Related information

Pine symbolic links problem

From:	SECUNIA <support_(at)_secunia.com>
Date:	12.04.2005
Subject:	[SA14899] Pine rpdump File Creation Race Condition Vulnerability

----------------------------------------------------------------------

Want a new IT Security job?

Vacant positions at Secunia:
http://secunia.com/secunia_vacancies/

----------------------------------------------------------------------

TITLE:
Pine rpdump File Creation Race Condition Vulnerability

SECUNIA ADVISORY ID:
SA14899

VERIFY ADVISORY:
http://secunia.com/advisories/14899/

CRITICAL:
Not critical

IMPACT:
Manipulation of data

WHERE:
Local system

SOFTWARE:
Pine 4.x
http://secunia.com/product/710/

DESCRIPTION:
Imran Ghory has reported a vulnerability in Pine, which potentially
can be exploited by malicious, local users to perform certain actions
on a vulnerable system with escalated privileges.

The vulnerability is caused due to a race condition in the rpdump
utility when creating files. The problem is that there is a larger
gap between the time that a check is made to determine whether a
local file exists and the time that the file is created. This can be
exploited via symlink attacks to overwrite arbitrary files with the
privileges of the user running the vulnerable program.

Successful exploitation requires write permissions to the directory,
which rpdump creates the local file in.

The vulnerability has been reported in Pine 4.62. Other versions may
also be affected.

SOLUTION:
Ensure that only the user has write permissions to the directory used
for creating the file with rpdump.

PROVIDED AND/OR DISCOVERED BY:
Imran Ghory

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.