SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   fireHOL Vendors:   firehol.sourceforge.net
(Gentoo Issues Fix) FireHOL Unsafe Temporary Files Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1013059
SecurityTracker URL:  http://securitytracker.com/id/1013059
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 2 2005
Impact:   Modification of system information, Modification of user information, Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.214
Description:   A vulnerability was reported in FireHOL. A local user may be able to gain elevated privileges.

Sam Couter reported that FireHOL uses temporary files with known filenames in a temporary directory that has a predicatble name based on the process ID.

A local user can create a symbolic link (symlink) from a critical file on the system to a temporary file to be used by FireHOL. Then, when a target user runs FireHOL, the symlinked file may be overwritten with the privileges of the target user.

Impact:   A local user may be able to gain elevated privileges.
Solution:   Gentoo has released a fix and indicates that all FireHOL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-firewall/firehol-1.224"

Vendor URL:  firehol.sourceforge.net/ (Links to External Site)
Cause:   Access control error, State error
Underlying OS:  Linux (Gentoo)

Message History:   This archive entry is a follow-up to the message listed below.
Jan 24 2005 FireHOL Unsafe Temporary Files Let Local Users Gain Elevated Privileges



 Source Message Contents

Subject:  [gentoo-announce] [ GLSA 200502-01 ] FireHOL: Insecure temporary file creation


--nextPart9246165.87WjIHdxlH
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200502-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: FireHOL: Insecure temporary file creation
      Date: February 01, 2005
      Bugs: #79330
        ID: 200502-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

FireHOL is vulnerable to symlink attacks, potentially allowing a local
user to overwrite arbitrary files.

Background
==========

FireHOL is an iptables rules generator.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                 Unaffected
    -------------------------------------------------------------------
  1  net-firewall/firehol       < 1.224                       >= 1.224

Description
===========

FireHOL insecurely creates temporary files with predictable names.

Impact
======

A local attacker could create malicious symbolic links to arbitrary
system files. When FireHOL is executed, this could lead to these files
being overwritten with the rights of the user launching FireHOL,
usually the root user.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All FireHOL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-firewall/firehol-1.224"

References
==========

  [ 1 ] FireHOL CVS log
        http://cvs.sourceforge.net/viewcvs.py/firehol/firehol/firehol.sh

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200502-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

--nextPart9246165.87WjIHdxlH
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQBB//ZKzKC5hMHO6rkRAg0jAJ4wW9pxUnCXYzNYFJfdy1t/nTT+XQCeKzYw
1qkodePOspX3PzryFYEPFPM=
=rS5Y
-----END PGP SIGNATURE-----

--nextPart9246165.87WjIHdxlH--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC