Title: arpwatch /tmp File Race Condition Vulnerability
Severity: LOW
Description:
arpwatch is a program designed as part of the tcpdump package. It is distributed with numerous UNIX variants, and freely available. Immunix is a hardened Linux distribution maintained by the Immunix group at WireX Corporation.
A vulnerability exists in arpwatch that could allow a user to perform a symbolic link attack. When executed, the arpwatch program creates files in the /tmp directory under certain conditions. These files, however, are not created in a secure manner, and not stat()'d when the program executes and attempts to create these files. It is possible to guess the handle of these files, and create them in advance as symbolic links to programs that are writable by the user executing arpwatch. The user executing arpwatch would then overwrite the linked files, or append content to them, thus corrupting the file. This makes it possible for a user with malicious motives to overwrite or append to files owned by the user of arpwatch, the typical user of arpwatch being root.
Affected Products:
- MandrakeSoft Linux Mandrake 6.0.0
- MandrakeSoft Linux Mandrake 6.1.0
- MandrakeSoft Linux Mandrake 7.0.0
- MandrakeSoft Linux Mandrake 7.1.0
- MandrakeSoft Linux Mandrake 7.2.0
- RedHat Linux 7.0.0
- WireX Immunix OS 7.0.0 -Beta
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
