[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE Request -- atop: Symlink attacks via process
From: Jan Lieskovsky <jlieskov () redhat ! com>
Date: 2011-04-19 16:20:35
Message-ID: 4DADB653.6010708 () redhat ! com
[Download RAW message or body]
Jan Lieskovsky wrote:
>
> Hello Josh, Steve, vendors,
>
> atop v1.23 and earlier created process accounting file
> (/tmp/atop.d/atop.acct)
> in an insecure way. A local attacker could use this flaw to conduct symlink
> attacks (e.g. overwrite arbitrary system files).
Looked more into this issue and seems it may not be possible to misuse this
issue. The steps are below:
tmp]# mkdir /etc/hello
tmp]# ln -s /etc/hello atop.d
tmp]# service atop start
Starting atop: [ OK ]
But atop detects the /tmp/atop.d directory already exists (/var/log/atop/atop.log contains):
warning: no process exit detection (can not create directory /tmp/atop.d)
So doesn't seem to be exploitable => taking the CVE request back, no CVE needed.
Should have checked this earlier, sorry for the noise.
Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
>
> References:
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622794
> [2] http://secunia.com/advisories/44175/
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=697848
>
> Could you allocate a CVE id for this?
>
> Thanks && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
>
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic