lm_sensors Unsafe Temporary File Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID: 1015180
SecurityTracker URL: http://securitytracker.com/id?1015180
CVE Reference: CVE-2005-2672
Date: Nov 10 2005
Impact: Modification of system information, Modification of user information, Root access via local system, User access via local system
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 2.9.2
Description: A vulnerability was reported in lm_sensors in August 2005. A local user may be able to obtain elevated privileges.
The pwmconfig tool creates a temporary configuration file ('/tmp/fancontrol') in an unsafe manner. A local user can create
a symbolic link (symlink) at the temporary file's path that points to a critical file on the system. Then, when pwmconfig is
executed, the symlinked file may be overwritten with the privileges of the pwmconfig process (typically run with root privileges).
As a result, the local user can overwrite arbitrary files on the target system.
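The unsafe pattern described above beside a hardened form, as an added example that is not lm_sensors or pwmconfig code. The function names, the INTERVAL=10 content and the sandbox layout are assumptions, and everything runs inside a private scratch directory rather than /tmp.

```shell
#!/bin/sh
# Added example; all names here are hypothetical, not taken from pwmconfig.

# Unsafe pattern: a fixed, predictable file name in a shared directory.
# The shell redirection follows any symlink already present at that path.
write_config_unsafe() {
    dir=$1
    echo "INTERVAL=10" > "$dir/fancontrol"
}

# Hardened pattern: mktemp chooses an unpredictable name and creates the
# file exclusively (it fails rather than reuse an existing name), with
# owner-only permissions, so a pre-planted link is never written through.
write_config_safe() {
    dir=$1
    tmp=$(mktemp "$dir/fancontrol.XXXXXX") || return 1
    echo "INTERVAL=10" > "$tmp"
    printf '%s\n' "$tmp"
}

# Constructed scenario: a "victim" file and a symlink at the fixed path,
# standing in for the link a local user would create before the tool runs.
demo() {
    sandbox=$(mktemp -d) || return 1
    echo "original" > "$sandbox/victim"
    ln -s "$sandbox/victim" "$sandbox/fancontrol"

    write_config_safe "$sandbox" > /dev/null
    after_safe=$(cat "$sandbox/victim")     # victim untouched

    write_config_unsafe "$sandbox"
    after_unsafe=$(cat "$sandbox/victim")   # victim overwritten via link

    rm -rf "$sandbox"
    echo "safe:$after_safe unsafe:$after_unsafe"
}

demo
```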
Impact: A local user can gain elevated privileges on the target system.
Solution: The vendor has issued a fixed version (2.9.2), available at:
http://lm-sensors.org/download.html
Vendor URL: lm-sensors.org/
Cause: Access control error, State error
Underlying OS: Linux (Any)
Message History:
This archive entry has one or more follow-up message(s) listed below.
Source Message Contents
Date: Thu, 10 Nov 2005 17:02:40 -0500
Subject: lm_sensors vulnerability
The pwmconfig tool creates temporary files in an unsafe manner. A local user may
be able to overwrite arbitrary files on the target system.
CVE-2005-2672