SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Commerce)  >   AllCommerce Vendors:   [Multiple Authors/Vendors]
AllCommerce Package for EnGarde Secure Linux May Allow a Local User to Gain Elevated Privileges
SecurityTracker Alert ID:  1001973
SecurityTracker URL:  http://securitytracker.com/id/1001973
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 11 2001
Impact:   Execution of arbitrary code via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   EnGarde Secure Linux reported a vulnerability in their package distribution of AllCommerce, a Perl-based commerce management product. The vulnerability may allow a local user to execute arbitrary code with the privileges of a different user.

It is reported that the EnGarde Secure Linux package (version) of AllCommerce was released with several debugging options enabled, which causes the software to create insecure files in the /tmp directory. These temporary files have predictable names and, as a result, could be exploited by a local user creating a symlink from the temporary file to another file on the system. This would allow the local user to overwrite files with the privileges of the 'webd' user account.

Impact:   A local user could overwrite files with the privileges of the 'webd' user, gaining elevated privileges on the host.
Solution:   EnGarde Secure Linux has released a package for AllCommerce that has the debugging options disabled. See the Source Message for upgrade instructions.
Vendor URL:  allcommerce.sourceforge.net/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (EnGarde)

Message History:   None.


 Source Message Contents

Subject:  [ESA-20010711-01] AllCommerce insecure temporary files


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory                   July 11, 2001 |
| http://www.engardelinux.org/                           ESA-20010711-01 |
|                                                                        |
| Package:  AllCommerce                                                  |
| Summary:  AllCommerce creates insecure temporary files.                |
+------------------------------------------------------------------------+

  EnGarde Secure Linux is a secure distribution of Linux that features
  improved access control, host and network intrusion detection, Web
  based secure remote management, complete e-commerce using AllCommerce,
  and integrated open source security tools.


OVERVIEW
- --------
  There is a temporary file creation vulnerability in AllCommerce which
  can allow an attacker to exploit a victim via a symlink attack as the
  'webd' user.


DETAIL
- ------
  Our AllCommerce packages were released with several debugging options
  enabled.  This, unfortunately, leads to the creation of several insecure
  files in the /tmp directory.  These files have predictable names and
  are thus subject to a symlink attack as the 'webd' user.

  Debugging is totally disabled in this update so no files should be
  created in /tmp.  All users are urged to update to this latest package.


SOLUTION
- --------
  All users should upgrade to the most recent version, as outlined in
  this advisory.

  Guardian Digital recently made available the Guardian Digital Secure
  Update, a means to proactively keep systems secure and manage
  system software. EnGarde users can automatically update their system
  using the Guardian Digital WebTool secure interface.

  If choosing to manually upgrade this package, updates can be
  obtained from:

    ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
    http://ftp.engardelinux.org/pub/engarde/stable/updates/

  Before upgrading the package, the machine must either:

    a) be booted into a "standard" kernel; or
    b) have LIDS disabled.

  To disable LIDS, execute the command:

    # /sbin/lidsadm -S -- -LIDS_GLOBAL

  To install the updated package, execute the command:

    # rpm -Uvh <filename>

  To re-enable LIDS (if it was disabled), execute the command:

    # /sbin/lidsadm -S -- +LIDS_GLOBAL

  To verify the signature of the updated packages, execute the command:

    # rpm -Kv <filename>


UPDATED PACKAGES
- ----------------
  These updated packages are for EnGarde Secure Linux 1.0.1 (Finestra).

  Source Packages:

    SRPMS/AllCommerce-1.0.4.1-1.0.25.src.rpm
      MD5 Sum:  7d4a528a1c72fbf11ffa6279db0122d2

  Binary Packages:

    noarch/AllCommerce-1.0.4.1-1.0.25.noarch.rpm
      MD5 Sum:  9f60b894068f946757b6ca127672b3d9


REFERENCES
- ----------

  Guardian Digital's public key:
    http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

  Credit for the discovery of this bug goes to:
    Ryan W. Maple <ryan@guardiandigital.com>

  AllCommerce's Official Web Site:
    http://allcommerce.sourceforge.net/

  Security Contact:    security@guardiandigital.com
  EnGarde Advisories:  http://www.engardelinux.org/advisories.html

- --------------------------------------------------------------------------
$Id: ESA-20010711-01-AllCommerce,v 1.7 2001/07/11 16:56:28 rwm Exp $
- --------------------------------------------------------------------------
Author: Ryan W. Maple, <ryan@guardiandigital.com> 
Copyright 2001, Guardian Digital, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7TI+bHD5cqd57fu0RAp88AKCKaxiAXzAF9IMeAJtknXk7VtFxRACfdyUc
2vFMXGGE+g9+vJrOEfUXd/A=
=iYn/
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
     To unsubscribe email engarde-security-request@engardelinux.org
         with "unsubscribe" in the subject of the message.

Copyright(c) 2001 Guardian Digital, Inc.                EnGardeLinux.org
------------------------------------------------------------------------




 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC