[MBT] new ticket for pkg xcdroast "Local Insecure File Creation Symlink Vulnerability"
bugs at pld-linux.org
Wed Jan 28 18:28:46 CET 2004
Date: 2004-01-28 18:28:45+01 Author: (kreutzm) <kreutzm at itp.uni-hannover.de>
Title: Local Insecure File Creation Symlink Vulnerability
Ticket ID: #826
Ticket URL: http://bugs.pld-linux.org/?bug=826
Package: xcdroast-1:0.98alpha10-4
Distribution: PLD-1.0.main
Category: security problem
Current state: opened
Text:
See http://www.securityfocus.com/bid/8983/solution/
for patches (and links to discussions):
X-CD-Roast has been reported prone to an insecure file creation vulnerability that may be exploited to corrupt arbitrary files. The issue has been reported to present itself because X-CD-Roast will follow symbolic links when writing specific files. The problem is also conjectured to be exaggerated as a result of a lack of sufficient access controls set by X-CD-Roast on the files that it creates and employs.
A local user may leverage this condition to corrupt arbitrary files, triggering a system-wide denial of service or potentially elevating their system privileges.
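The file-creation flaw described in this ticket, shown next to a hardened form. This is an added example, not code from X-CD-Roast or from the referenced patches; the function names, the `app.conf` file name and the temporary directory layout are assumptions constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flawed pattern: follows a symlink at path, truncates its target, loose mode. */
static int open_following_links(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Hardened: fails on any existing entry (symlinks included), owner-only mode. */
static int open_private_new(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    struct stat st;
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario in a private temp dir: "victim" holds 6 bytes and
 * "app.conf" is a symlink to it. Returns victim's size after the open attempt
 * (6 = untouched, 0 = truncated through the link), or -1 on setup failure. */
long victim_size_after(int hardened) {
    char dir[] = "/tmp/symlink-demo-XXXXXX", victim[64], conf[64];
    struct stat st;
    FILE *f;
    int fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(conf, sizeof conf, "%s/app.conf", dir);
    if (!(f = fopen(victim, "w"))) return -1;
    fputs("secret", f);
    fclose(f);
    if (symlink(victim, conf) != 0) return -1;
    fd = hardened ? open_private_new(conf) : open_following_links(conf);
    if (fd >= 0) close(fd);
    if (stat(victim, &st) != 0) return -1;
    unlink(conf); unlink(victim); rmdir(dir);
    return (long)st.st_size;
}

int main(void) {
    printf("flawed: %ld bytes left, hardened: %ld bytes left\n",
           victim_size_after(0), victim_size_after(1));
    return 0;
}
```

The hardened open fails when the path already exists, so a caller that needs to replace a file should create a new private file beside it and `rename()` it into place rather than reopening the old path.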