Title: FreeBSD Package Add Insecure Temporary Directory Creation Vulnerability
Severity: MODERATE
Description:
FreeBSD is a freely available, open source clone of the Unix Operating System. It is maintained by the FreeBSD project.
A problem with the pkg_add utility could make it possible for users to compromise the integrity of some packages, or potentially gain elevated privileges. The problem is in the creation of insecure directories.
When pkg_install is executed, it takes the supplied package and extracts it to a temporary directory. From this temporary directory, the extracted package is moved to its final destination on the system.
When pkg_install is executed, the directory the contents of the package are extracted to is created with permissions of 755. With this permission set, it is possible for a local user to descend the directory tree. In the event that any subdirectories have been created with world-writable permissions, the user could either remove the data in those directories, or trojan the files to later gain elevated privileges.
This problem makes it possible for a local user to write to world-writable directories contained within packages that are installed by pkg_install, and could result in elevated privileges.
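The following C sketch is an added illustration, not code from FreeBSD's pkg_install: it shows the two defensive counterparts to the problem described above, a staging directory created with mode 0700 instead of 0755 (so other local users cannot traverse into it at all), and an audit walk that counts world-writable directories inside a staged tree before installation. The helper names and the `/tmp` template are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <dirent.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed helper: create a private staging directory. mkdtemp() creates the
 * directory with mode 0700, which is what the advisory's 0755 extraction
 * directory lacked; with 0700 no other user can descend into the tree, so a
 * world-writable subdirectory inside the package is unreachable while staged. */
char *make_private_staging_dir(char *template_buf) {
    mode_t old = umask(077);          /* force 0700 regardless of the caller's umask */
    char *dir = mkdtemp(template_buf);
    umask(old);
    return dir;
}

/* Returns 1 if path is a directory (not a symlink) writable by "other". */
int is_world_writable_dir(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0) return 0;
    return (S_ISDIR(st.st_mode) && (st.st_mode & S_IWOTH)) ? 1 : 0;
}

/* Walk a staged tree and count world-writable directories. A package that
 * ships such directories is the precondition the advisory describes, so an
 * administrator can audit the extracted contents before they are installed. */
int count_world_writable_dirs(const char *root) {
    int count = is_world_writable_dir(root);
    DIR *d = opendir(root);
    if (!d) return count;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0) continue;
        char child[4096];
        snprintf(child, sizeof child, "%s/%s", root, e->d_name);
        struct stat st;
        if (lstat(child, &st) == 0 && S_ISDIR(st.st_mode))
            count += count_world_writable_dirs(child);   /* recurse into real dirs only */
    }
    closedir(d);
    return count;
}
```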
Affected Products:
- FreeBSD FreeBSD 4.2.0
- FreeBSD FreeBSD 4.3.0
- FreeBSD FreeBSD 4.4.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.