SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Python Vendors:   Python.org
Python 'move-faqwiz.sh' Uses Unsafe Temporary Files That Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1020904
SecurityTracker URL:  http://securitytracker.com/id/1020904
CVE Reference:   CVE-2008-4108   (Links to External Site)
Date:  Sep 22 2008
Impact:   User access via local system

Version(s): 2.5.2 and prior versions
Description:   A vulnerability was reported in Python in the 'move-faqwiz.sh' script. A local user can obtain elevated privileges on the target system.

The Python generic FAQ wizard moving tool ('Tools/faqwiz/move-faqwiz.sh') creates temporary files in an unsafe manner. A local user can create a symbolic link (symlink) from a critical file on the system to the temporary file. Then, when the script is executed by the target user, the symlinked file will be created or overwritten with the privileges of the target user.

Jan Hauke Rahm reported this vulnerability.

Impact:   A local user can obtain elevated privileges on the target system.
Solution:   No solution was available at the time of this entry.
Vendor URL:  python.org/ (Links to External Site)
Cause:   Access control error, State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC