Title: MIT Kerberos 5 SEND-PR.SH Insecure Temporary File Creation Vulnerability
Severity: MODERATE
Description:
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Kerberos is written and maintained by MIT. It is available for a variety of platforms including the Microsoft Windows, Unix, and Linux operating systems.
MIT Kerberos 5 is affected by an insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. Reportedly, the vulnerability affects the 'send-pr.sh' script.
It is likely that during execution the affected utility creates either a file or directory in a globally writable directory on an affected computer. Typically temporary files are written to the '/tmp' directory in Unix and Unix variant platforms. Furthermore it is likely that the name of the temporary directory or file created by the vulnerable utility is predictable or trivial to guess. This would allow an attacker to create a malicious symbolic link that will be written to by the vulnerable utility when an unsuspecting user executes it. It should be noted that this is unverified and is therefore entirely conjecture.
The details available regarding this issue are not sufficient to provide an in depth technical description. This BID will be updated when more information becomes available.
An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.
Affected Products:
- MIT Kerberos 5 1.3.4
- MandrakeSoft Linux Mandrake 10.1.0
- MandrakeSoft Linux Mandrake 10.1.0 x86_64
- RedHat Desktop 4.0.0
- RedHat Enterprise Linux AS 4
- RedHat Enterprise Linux ES 4
- RedHat Enterprise Linux WS 4
- RedHat Fedora Core1
- RedHat Linux 7.3.0
- RedHat Linux 7.3.0 i386
- RedHat Linux 7.3.0 i686
- RedHat Linux 9.0.0 i386
- SGI ProPack 3.0.0
- Turbolinux Turbolinux Server 10.0.0
References:
- MIT: Kerberos Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
