Actu
Vigil@nce - Linux iproute2: file corruption via /tmp
March 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can create a symbolic link during the
installation of Linux iproute2, in order to force the corruption
of files with privileges of the administrator.
Severity: 1/4
Creation date: 27/02/2012
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The Linux iproute2 suite provides network configuration tools.
The "configure" script is used during the installation of
iproute2. This script checks the support of ATM by compiling the
/tmp/atmtest.c file. It also checks the support of Xtables with
/tmp/ipttest.c, and the support of the setns() system call with
/tmp/setnstest.c. However, a local attacker can create a symbolic
link with these names, in order to corrupt a file during the
execution of configure. [severity:1/4]
The dhcp-client-script example uses the /tmp/DHS.log file during
its execution. An attacker can thus also create a symbolic link
with this name. [severity:1/4]
A local attacker can therefore create a symbolic link during the
installation of Linux iproute2, in order to force the corruption
of files with privileges of the administrator.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-iproute2-file-corruption-via-tmp-11394
