J-Security Center

Title: Computer Associates InoculateIT Symbolic Link File Overwriting Vulnerability

Severity: MODERATE

Description:

InoculateIT is an anti-virus software package distributed by Computer Associates. It is designed for use on multiple platforms. This vulnerability has been reported to affect the Linux version; whether other platforms are affected is not currently known.

Under normal operation, the software package is installed and configured to update itself nightly. This is done by scripts executed via cron, which update the signatures and packages used for virus protection on the system.

The problem lies in the way the ftpdownload program creates temporary files. On execution, it writes the log of the ftpdownload session to the predictable path /tmp/ftpdownload.log. ftpdownload does not check whether a file already exists at that path, nor what kind of file it is (for example, a symbolic link). Because any local user can create entries in /tmp, an attacker can place a symbolic link at /tmp/ftpdownload.log that points to a file owned by root; when ftpdownload is next executed from root's crontab (at 01:00 in the configuration recommended by CA), the target of the link is overwritten with the session log.
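The following is an added example, not code from CA's ftpdownload, that reproduces the open-file pattern described above and contrasts it with a hardened one. The function names, the "victim" file, and the private directory standing in for /tmp are assumptions chosen for the demonstration; the attacker and the "privileged" program run as the same user here, which is enough to show the mechanism, whereas in the advisory the cron job runs as root and can therefore overwrite any file the link points to.

```c
/* Added example: why creating a log at a fixed, predictable path with
 * O_CREAT|O_TRUNC lets a planted symlink redirect the write, and how
 * O_CREAT|O_EXCL|O_NOFOLLOW (or mkstemp) stops it. Not ftpdownload's code. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern (assumed to match ftpdownload's behaviour): open a
 * fixed path, creating or truncating it. open(2) follows a symbolic link
 * at 'path', so the truncate and every later write hit the link target. */
int vulnerable_open_log(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened pattern: O_EXCL refuses any pre-existing entry (EEXIST) and
 * O_NOFOLLOW refuses to follow a trailing symlink (ELOOP). A planted link
 * makes the open fail instead of redirecting the write. */
int safe_open_log(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred pattern for a per-run log: let mkstemp(3) pick an unpredictable
 * name; it creates the file with O_CREAT|O_EXCL itself. 'template_path'
 * must end in XXXXXX and is modified in place. */
int open_unpredictable_log(char *template_path) {
    return mkstemp(template_path);
}

/* Size of a file via stat(2), or -1 on error. */
long file_size(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return (long)st.st_size;
}

/* Runs the scenario inside a private directory (mode 0700, so the kernel's
 * fs.protected_symlinks restriction for sticky world-writable directories
 * does not apply and the demonstration is deterministic):
 *   victim            - constructed file playing the root-owned target
 *   ftpdownload.log   - symlink planted by the attacker at the predictable path
 * Returns 0 when the vulnerable open truncated the victim and the safe open
 * refused, i.e. the behaviour described in the advisory was reproduced.
 * *victim_after receives the victim's size after the vulnerable open,
 * *safe_errno the errno left by the hardened open. */
int run_scenario(long *victim_after, int *safe_errno) {
    char dir[] = "/tmp/symlinkdemoXXXXXX";
    if (mkdtemp(dir) == NULL) return 1;

    char victim[PATH_MAX], link[PATH_MAX];
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/ftpdownload.log", dir);

    /* Constructed victim content standing in for e.g. a configuration file. */
    int vfd = open(victim, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (vfd < 0) { rmdir(dir); return 2; }
    const char *content = "important root-owned data\n";
    if (write(vfd, content, strlen(content)) < 0) { close(vfd); return 2; }
    close(vfd);

    /* Attacker step: plant the symlink at the predictable log path. */
    if (symlink(victim, link) != 0) { unlink(victim); rmdir(dir); return 3; }

    /* Vulnerable program runs: the victim is truncated through the link. */
    int fd = vulnerable_open_log(link);
    if (fd >= 0) close(fd);
    *victim_after = file_size(victim);

    /* Hardened program runs against the same planted link and refuses. */
    errno = 0;
    int sfd = safe_open_log(link);
    *safe_errno = errno;
    if (sfd >= 0) close(sfd);

    unlink(link); unlink(victim); rmdir(dir);
    return (fd >= 0 && *victim_after == 0 && sfd < 0) ? 0 : 4;
}

int main(void) {
    long after = -1; int err = 0;
    int rc = run_scenario(&after, &err);
    printf("rc=%d victim size after vulnerable open=%ld safe open failed with: %s\n",
           rc, after, strerror(err));
    return rc;
}
```

On Linux the hardened open reports EEXIST here because the O_EXCL check runs before the symlink check; with O_NOFOLLOW alone it would report ELOOP. Either way the write never reaches the link target. Note that on kernels with fs.protected_symlinks enabled, root following a symlink owned by another user in the real, sticky /tmp is already refused by the kernel; the code-level fix above does not depend on that sysctl and also covers the case where the attacker pre-creates a regular file rather than a link.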

Affected Products:

  • Computer Associates InoculateIT 6.0.0

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.