gfax Unsafe Temporary File Lets Local Users Gain Root Privileges
SecurityTracker Alert ID: 1018335
SecurityTracker URL: http://securitytracker.com/id?1018335
CVE Reference: CVE-2007-2839
Date: Jul 6 2007
Impact: Modification of system information, Root access via local system
Version(s): 0.4.2, possibly other versions
Description: A vulnerability was reported in gfax. A local user can obtain root privileges on the target system.
The software writes to the '/tmp/crontab' temporary file in an unsafe manner. A local user can exploit this flaw to append arbitrary lines to '/etc/crontab'. Because cron executes the jobs listed in '/etc/crontab' as the user named in each entry, appended lines can run commands as root.
The flaw resides in 'src/mgetty_setup.c'.
Steve Kemp from the Debian Security Audit project discovered this vulnerability.
[Editor's note: The latest version of the GNOME-2.x port of GFAX does not contain the vulnerable file.]
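The advisory does not reproduce the gfax source, so the following is an added example of the bug class, not code from gfax or SecurityTracker: a fixed temporary file name opened without O_EXCL, beside a hardened open. The scratch directory, the file names inside it and the function names are constructed for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Risky pattern: a fixed name in a shared directory, opened without
 * O_EXCL, so a file or symlink already present at that path is reused. */
static int open_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0644);
}

/* Hardened: creation must be ours (O_EXCL), a symlink is never followed
 * (O_NOFOLLOW), and the file is private (0600). mkstemp(3) gives the
 * same guarantee with an unpredictable name and is the better default. */
static int open_hardened(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario inside a private scratch directory: "target"
 * stands in for a privileged file, "crontab" for the fixed temp name
 * that already exists as a symlink. Returns the target's size after one
 * write attempt (0 = untouched), or -1 on setup failure. */
long probe(int hardened) {
    char dir[] = "/tmp/tmpfile-demo-XXXXXX", target[64], fixed[64];
    struct stat st;
    long size = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(fixed, sizeof fixed, "%s/crontab", dir);
    int t = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (t >= 0 && symlink(target, fixed) == 0) {
        int fd = hardened ? open_hardened(fixed) : open_unsafe(fixed);
        if (fd >= 0) {
            if (write(fd, "# demo line\n", 12) != 12) perror("write");
            close(fd);
        }
        if (fstat(t, &st) == 0) size = (long)st.st_size;
    }
    if (t >= 0) close(t);
    unlink(fixed); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    printf("unsafe open:   target is %ld bytes\n", probe(0));
    printf("hardened open: target is %ld bytes\n", probe(1));
    return 0;
}
```

With the hardened open the call fails with EEXIST and the caller should abort rather than fall back to the existing path.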
Impact: A local user can obtain root privileges on the target system.
Solution: No solution was available at the time of this entry.
Vendor URL: gfax.cowlug.org/
Cause: Access control error, State error
Underlying OS: Linux (Any), UNIX (Any)
Message History:
None.
Source Message Contents
Date: Fri, 6 Jul 2007 00:55:21 -0400
Subject: gfax
CVE-2007-2839
Steve Kemp from the Debian Security Audit project discovered that
gfax, a GNOME frontend for fax programs, uses temporary files in an
unsafe manner which may be exploited to execute arbitrary commands
with the privileges of the root user.