SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Multimedia)  >   BMV Vendors:   Kybic, Jan
(Debian Issues Fix) BMV Viewer Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1012851
SecurityTracker URL:  http://securitytracker.com/id/1012851
CVE Reference:   CAN-2003-0014   (Links to External Site)
Date:  Jan 12 2005
Impact:   Modification of system information, Modification of user information, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.2
Description:   A vulnerability was reported in the BMV viewer in the processing of temporary files. A local user may be able to gain elevated privileges.

Debian reported that BMV uses temporary files in an unsafe manner. A local user can create a symbolic link (symlink) from a critical file on the system to a temporary file to be used by BMV. Then, when BMV is run, the symlinked file may be overwritten with the privileges of the target user.

The flaw resides in 'gsinterf.c'.

Peter Samuelson is credited with discovering this flaw.
Impact:   A local user may be able to obtain elevated privileges.
Solution:   Debian has released a fix for the stable distribution (woody) in version 1.2-14.2 and for the unstable distribution (sid) in version 1.2-17.

Debian GNU/Linux 3.0 alias woody:

Source archives:

http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-14.2.dsc
Size/MD5 checksum: 565 7b056960fafe4fca7c72083788cf5844
http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-14.2.diff.gz
Size/MD5 checksum: 11811 ab4e7218ce67de842d3a78e1c8e11caf
http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2.orig.tar.gz
Size/MD5 checksum: 50755 40c881800edac6b1d2ce75ea8da6e6b4

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-14.2_i386.deb
Size/MD5 checksum: 21762 b625704138829c0dcd96a25e0a7f365b
Vendor URL:  www.debian.org/security/ (Links to External Site)
Cause:   Access control error, State error
Underlying OS:   Linux (Debian)

Message History:   This archive entry is a follow-up to the message listed below.
Jan 12 2005 BMV Viewer Unsafe Temporary Files May Let Local Users Gain Elevated Privileges


 Source Message Contents
Date:  Tue, 11 Jan 2005 12:39:36 +0100 (CET)
Subject:  [SECURITY] [DSA 633-1] New bmv package fixes insecure temporary file creation


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 633-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 11th, 2005                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : bmv
Vulnerability  : insecure temporary file
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2003-0014

Peter Samuelson, upstream maintainer of bmv, a PostScript viewer for
SVGAlib, discovered that temporary files are created in an insecure
fashion.  A malicious local user could cause arbitrary files to be
overwritten by a symlink attack.

For the stable distribution (woody) this problem has been
fixed in version 1.2-14.2.

For the unstable distribution (sid) this problem has been fixed in
version 1.2-17.

We recommend that you upgrade your bmv packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-14.2.dsc
      Size/MD5 checksum:      565 7b056960fafe4fca7c72083788cf5844
    http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-14.2.diff.gz
      Size/MD5 checksum:    11811 ab4e7218ce67de842d3a78e1c8e11caf
    http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2.orig.tar.gz
      Size/MD5 checksum:    50755 40c881800edac6b1d2ce75ea8da6e6b4

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-14.2_i386.deb
      Size/MD5 checksum:    21762 b625704138829c0dcd96a25e0a7f365b


  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB47r3W5ql+IAeqTIRAjAHAJ0fgu2JKMudZJxZbTeh8Pitaq66MACeMdtM
F1EOxneGAQYYST/T820VyTc=
=sfYq
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC