OpenSSL, Groff: Insecure tempfile handling Vulnerability
OpenSSL is a part of every sysadmin's life.
Here is a vulnerability that Gentoo Linux has published, which also matters if you use the Groff utility.
groffer, included in the Groff package, and the der_chop script, included in the OpenSSL package, are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.
OpenSSL is a toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols as well as a general-purpose cryptography library. It includes the der_chop script, which is used to convert DER-encoded certificates to PEM format. Groff (GNU Troff) is a typesetting package which reads plain text mixed with formatting commands and produces formatted output. It includes groffer, a command used to display groff files and man pages on X and tty.
groffer and the der_chop script create files in a world-writable directory with predictable names.
So if you are running them as the *root* user, an attacker could create symlinks in advance and have files modified with your permissions.
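The pattern behind both bugs, next to two safer forms, as an added example that is not code from groffer, der_chop or the Gentoo advisory. The file name `der_chop.$$` and all function names are constructed for illustration, and the check runs entirely inside a private sandbox directory.

```shell
#!/bin/sh
# Added example; the file name "der_chop.$$" is a constructed stand-in.

# Weak: PID-based name is guessable, and ">" follows an existing symlink.
write_predictable() {
    tmp="$1/der_chop.$$"
    printf '%s\n' "$2" > "$tmp"
}

# Hardened: mktemp chooses a random name and creates it exclusively, mode 0600.
write_private() {
    tmp=$(mktemp "$1/der_chop.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
}

# Fallback without mktemp: noclobber (set -C) makes ">" refuse an existing path.
write_noclobber() {
    tmp="$1/der_chop.$$"
    ( set -C; umask 077; printf '%s\n' "$2" > "$tmp" ) 2>/dev/null
}

# Regression check in a private sandbox: a link already sits at the guessable
# name; report whether the file behind it is unchanged after the writer runs.
target_survives() {
    writer=$1
    box=$(mktemp -d) || return 2
    printf 'original\n' > "$box/important"
    mkdir "$box/tmp"
    ln -s "$box/important" "$box/tmp/der_chop.$$"
    "$writer" "$box/tmp" "scratch data" || true
    content=$(cat "$box/important")
    rm -rf "$box"
    [ "$content" = "original" ]
}

for w in write_predictable write_private write_noclobber; do
    if target_survives "$w"; then echo "$w: target intact"
    else echo "$w: target OVERWRITTEN"; fi
done
```

The same check can be pointed at any script that writes scratch files, to confirm it refuses a path that already exists.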
Gentoo advises upgrading the Groff package and the OpenSSL package.
Upgrade Groff
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/groff-1.19.1-r2"
Upgrade OpenSSL
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7d-r2"
The vulnerability listing can be found here.