SecurityTracker.com Archives - Gentoo Sandbox Unsafe Temporary Files May Let Local Users Gain Elevated Privileges

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker
Archives

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > Sandbox

Vendors: Gentoo

Gentoo Sandbox Unsafe Temporary Files May Let Local Users Gain Elevated Privileges

SecurityTracker Alert ID: 1014574

SecurityTracker URL: http://securitytracker.com/id?1014574

CVE Reference: CVE-2005-2449 (Links to External Site)

Updated: Jul 6 2008

Original Entry Date: Jul 26 2005

Impact: Modification of system information, Modification of user information, Root access via local system

Fix Available: Yes Vendor Confirmed: Yes

Advisory: Gentoo Advisory

Version(s): prior to 1.2.11

Description: A vulnerability was reported in Gentoo sandbox. A local user may be able to obtain elevated privileges.

The sandbox utility, used by the Gentoo Portag system, creates temporary files in an unsafe manner.

A local user may be able to exploit a race condition to cause arbitrary files to be created or overwritten with root level privileges.

Impact: A local user may be able to cause arbitrary files to be created or overwritten with root level privileges.

Solution: The vendor has released a fixed version (1.2.11) and indicates that all sandbox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/sandbox-1.2.11"

Vendor URL: security.gentoo.org/glsa/glsa-200507-22.xml (Links to External Site)

Cause: Access control error, State error

Underlying OS: Linux (Gentoo)

Reported By: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>

Message History: None.

Source Message Contents

Date: Mon, 25 Jul 2005 20:06:22 +0200
From: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
Subject: [Full-disclosure] [ GLSA 200507-22 ] sandbox: Insecure temporary

 

--===============1064450190==
Content-Type: multipart/signed; boundary="nextPart13080579.eg7biefJJe";
	protocol="application/pgp-signature"; micalg=pgp-sha1
Content-Transfer-Encoding: 7bit

--nextPart13080579.eg7biefJJe
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200507-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: sandbox: Insecure temporary file handling
      Date: July 25, 2005
      Bugs: #96782
        ID: 200507-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The sandbox utility may create temporary files in an insecure manner.

Background
==========

sandbox is a Gentoo Linux utility used by the Portage package
management system.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  sys-apps/sandbox      < 1.2.11                          >= 1.2.11

Description
===========

The Gentoo Linux Security Audit Team discovered that the sandbox
utility was vulnerable to multiple TOCTOU (Time of Check, Time of Use)
file creation race conditions.

Impact
======

Local users may be able to create or overwrite arbitrary files with the
permissions of the root user.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All sandbox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/sandbox-1.2.11"

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200507-22.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

--nextPart13080579.eg7biefJJe
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQBC5SofzKC5hMHO6rkRAmb2AJ9AAHake2Obfc++xh2B62qKLob+aQCcDBWJ
Iz2t7oiWyjWB4kq8liwNKcY=
=g7a0
-----END PGP SIGNATURE-----

--nextPart13080579.eg7biefJJe--

--===============1064450190==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--===============1064450190==--

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2007, SecurityGlobal.net LLC