Vigil@nce - Perl Proc-ProcessTable: file corruption
December 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can create a symbolic link when a Perl program
using the Proc::ProcessTable module is used, in order to alter a
file.
Severity: 1/4
Creation date: 01/12/2011
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The Perl Proc::ProcessTable module is used to access to the table
of Unix processes.
The cache_ttys parameter of the ProcessTable constructor indicates
to memorize the association between tty names and their device
numbers. These information are stored in the /tmp/TTYDEVS
temporary file.
However, this file name is constant, it is located in a publicly
writable directory, and ProcessTable does not check if there is a
symbolic link with this name.
A local attacker can therefore create a symbolic link when a Perl
program using the Proc::ProcessTable module is used, in order to
alter a file.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Perl-Proc-ProcessTable-file-corru