J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1537
    posted: 11/06/09
  • NSM Daily Update #1537
    posted: 11/06/09
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1537
    posted: 11/06/09
  • Deep Inspection 5.1 and 5.2 #1435
    posted: 11/06/09
  • Deep Inspection 5.0, 5.3r4 and below #1132
    posted: 03/28/08 (04/01/08 for 5.0)
  • Antivirus
    posted: 11/05/09

Title: DGen Emulator Symbolic Link Vulnerability

Severity: MODERATE

Description:

DGen is a Sega Genesis game console emulator for Unix and Unix like operating systems. It is freely available, however it is no longer supported.

DGen is reportedly affected by a symbolic link vulnerability. This issue is due to a design error that fails to properly verify files prior to writing to them.

The problem presents itself as files are created by the affected application in the '/tmp' directory while decompression of ROM files takes place. Apparently the filename written to the '/tmp' directory is based on the compressed ROM file name.

This issue may allow an attacker to create a symbolic link with the predictable name that points to a target file writable by an unsuspecting user; allowing the attacker to overwrite arbitrary files. If the attacker controls the content of the file being decompressed, it may be possible to write attacker-specified data to the target file.

Successful exploitation of this issue will allow a local attacker to cause the affected application to overwrite arbitrary files with the privileges of the user that invoked the affected application. Reportedly this issue could be leveraged to facilitate privilege escalation.

Affected Products:

  • DGen Emulator 1.15.0
  • DGen Emulator 1.16.0
  • DGen Emulator 1.17.0
  • DGen Emulator 1.18.0
  • DGen Emulator 1.20.0
  • DGen Emulator 1.20.0 A
  • DGen Emulator 1.21.0
  • DGen Emulator 1.22.0
  • DGen Emulator 1.23.0
  • Debian Linux 3.0.0
  • Debian Linux 3.0.0 alpha
  • Debian Linux 3.0.0 arm
  • Debian Linux 3.0.0 hppa
  • Debian Linux 3.0.0 ia-32
  • Debian Linux 3.0.0 ia-64
  • Debian Linux 3.0.0 m68k
  • Debian Linux 3.0.0 mips
  • Debian Linux 3.0.0 mipsel
  • Debian Linux 3.0.0 ppc
  • Debian Linux 3.0.0 s/390
  • Debian Linux 3.0.0 sparc

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.