• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Multiple Linux Vendor Expect Insecure Library Loading Vulnerability

Severity: MODERATE

Description:

Expect is a freely available tool designed for automating interactive programs such as telnet, ftp, and so forth. The program was originally written by Don Libes.

Expect as implemented on some Linux distributions makes it possible to execute arbitrary code. This may lead to a local user gaining elevated privileges, and potentially root access. The problem is in the searching of dynamic libraries.

As implemented on some Linux distributions, when expect is executed, it searches insecure directories for dynamic libraries before execution. One such directory is /var/tmp, which on some Linux distributions is a world-writable temporary directory.

It is possible for a local user to build a malicious library, and place it in the /var/tmp directory. When a local user executes a program or script using expect, the malicious library in /var/tmp will be loaded. This could result in the execution of arbitrary code. Depending on the privileges of the user, it could also result in a local user gaining arbitrary administrative access.

Affected Products:

• Conectiva Linux 6.0.0
• Conectiva Linux 7.0.0
• HP Secure OS software for Linux 1.0.0
• MandrakeSoft Linux Mandrake 7.2.0
• MandrakeSoft Linux Mandrake 8.0.0
• MandrakeSoft Linux Mandrake 8.0.0 ppc
• MandrakeSoft Linux Mandrake 8.1.0
• MandrakeSoft Linux Mandrake 8.1.0 ia64
• MandrakeSoft Linux Mandrake 8.2.0
• MandrakeSoft Linux Mandrake 8.2.0 ppc
• MandrakeSoft Single Network Firewall 7.2.0
• RedHat Linux 7.0.0
• RedHat Linux 7.0.0 alpha
• RedHat Linux 7.0.0 i386
• RedHat Linux 7.1.0
• RedHat Linux 7.1.0 alpha
• RedHat Linux 7.1.0 i386
• RedHat Linux 7.1.0 ia64
• RedHat Linux 7.1.0 iseries
• RedHat Linux 7.1.0 pseries

References:

• Red Hat: RHSA-2002:148-11 Updated Tcl/Tk packages fix local vulnerability

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.