Title: XMCD Temp Directory Symbolic Link Vulnerability
Severity: MODERATE
Description:
xmcd is a freely available CD-playing utility for various UNIX platforms. It is maintained in the public domain.
A problem in the cda utility included with the package can allow a user to overwrite files, potentially creating a denial of service.
When executed, cda creates temporary files insecurely. A user can predict the name of a future temporary file and create a symbolic link with that name pointing to another file. When cda is then run, it attempts to create and write to the temporary file, and in doing so overwrites the file the symbolic link points to.
cda is installed setuid root, which makes it possible for a user exploiting this vulnerability to overwrite any root-owned file. Exploitation of this vulnerability could result in a denial of service, and potentially an elevation of privileges.
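The insecure creation pattern described above next to a hardened form, as an added C example. It is not xmcd's source: the advisory does not show cda's code or its temporary file name, so `app.tmp`, the scratch directory and all function names are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Weak pattern: O_CREAT|O_TRUNC on a predictable name follows a symlink
 * that is already there and truncates the file it points to. */
int open_tmp_weak(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails with EEXIST if anything, including a symlink,
 * already occupies the name; O_NOFOLLOW is defence in depth. */
int open_tmp_excl(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Plants a symlink at the temp-file name inside a private scratch directory
 * (constructed paths), calls `opener` on it, and reports whether the link
 * target kept its contents: 1 = intact, 0 = overwritten, -1 = setup error. */
int target_survives(int (*opener)(const char *))
{
    char dir[] = "/tmp/symlink-demo.XXXXXX";
    char target[64], tmpname[64], buf[5] = {0};
    int fd, ok = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(tmpname, sizeof tmpname, "%s/app.tmp", dir);

    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "keep", 4) == 4 && close(fd) == 0 &&
        symlink(target, tmpname) == 0) {
        fd = opener(tmpname);          /* what the program would do */
        if (fd >= 0)
            close(fd);
        fd = open(target, O_RDONLY);
        if (fd >= 0) {
            ok = (read(fd, buf, 4) == 4 && strcmp(buf, "keep") == 0);
            close(fd);
        }
    }
    unlink(tmpname); unlink(target); rmdir(dir);
    return ok;
}
```

In new code, `mkstemp()` combines exclusive creation with an unpredictable name, and a setuid program should drop its elevated privileges before touching files in a shared directory.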
Affected Products:
- Ti Kan Xmcd 2.6.0.0
- Ti Kan Xmcd 3.0.0.0
- Ti Kan Xmcd 3.0.1