Title: Charities.Cron Insecure Temporary File Creation Vulnerability
Severity: MODERATE
Description:
Charities.cron is a cron script written in gawk that clicks the links on various charity websites. Charities.cron is intended to be run as a daily cron job. It will run on most Unix and Linux variants.
Charities.cron uses the lynx web browser to poll various charity websites: it downloads each charity's webpage and stores it in a temporary file. However, Charities.cron creates these temporary files with predictable filenames. A local attacker who plants a symbolic link at a predicted filename can cause the cron job to write the downloaded page over any file that is writable by the cron scheduling daemon process. Overwriting such a file may result in a denial of service condition.
This vulnerability has existed in one form or another through various releases of Charities.cron. Since the most recent version (1.7.0) still uses predictable temporary filenames, it may still be possible to exploit this condition. Charities.cron does check whether a temporary file already exists before dumping the charity webpage into it; however, the check and the subsequent write are separate operations, so this fix only narrows the problem to a time-of-check/time-of-use race condition which may still be exploitable.
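The following shell script is an added illustration, not Charities.cron's own gawk code or anything from its author. It reproduces the pattern the advisory describes (a temporary filename derived from a predictable value, an existence check, then a redirection that follows symlinks) next to a mktemp-based fix, and runs entirely inside a scratch directory it creates for itself. The site name, the "victim" file, the fetch_page stand-in for lynx and the attacker hook are all constructed for the demo.

```shell
#!/bin/sh
# Added example, not Charities.cron's own code. Reproduces the advisory's
# pattern (predictable temp name, existence check, then a write that follows
# symlinks) beside a mktemp-based fix. Everything lives in a private scratch
# directory created here, so nothing under the real /tmp is touched.

WORK="$(mktemp -d)"                 # private sandbox standing in for /tmp
trap 'rm -rf "$WORK"' EXIT
FAKE_TMP="$WORK/tmp"; mkdir "$FAKE_TMP"
VICTIM="$WORK/victim"               # stands in for a file only the cron user can write
printf 'original contents\n' > "$VICTIM"

# Stand-in for "lynx -dump <url>": emits a constructed page body, no network.
fetch_page() {
    printf 'constructed page for %s\n' "$1"
}

# Attacker step for the demo: a local user plants a symlink at the guessable
# name so the cron job's redirection lands on the victim file instead.
attacker_plant_symlink() {
    ln -s "$VICTIM" "$FAKE_TMP/charities.$1"
}

# Variant: a dangling symlink to a file that does not exist yet. "[ -e ]"
# follows symlinks, so this passes the existence check with no race at all,
# and the cron job then creates the target for the attacker.
attacker_plant_dangling_symlink() {
    ln -s "$WORK/created_by_cron" "$FAKE_TMP/charities.$1"
}

# Vulnerable pattern. The existence check and the redirection are separate
# steps. The optional second argument is a command run in that window; it
# stands in for the attacker winning the race against the check.
vuln_fetch() {
    site="$1"; in_window="${2:-true}"
    tmp="$FAKE_TMP/charities.$site"          # predictable: derived from the site name
    if [ -e "$tmp" ]; then                   # time of check
        echo "vuln_fetch: $tmp already exists, skipping" >&2
        return 1
    fi
    "$in_window" "$site"                     # race window between check and use
    fetch_page "$site" > "$tmp"              # time of use: follows a symlink at $tmp
    rm -f "$tmp"                             # removes the link, not its target
}

# Hardened pattern. mktemp creates the file itself with O_CREAT|O_EXCL and
# mode 0600 under an unpredictable name, so there is no name at which to plant
# a symlink and no gap between checking for the file and creating it.
safe_fetch() {
    site="$1"
    tmp="$(mktemp "$FAKE_TMP/charities.XXXXXX")" || return 1
    fetch_page "$site" > "$tmp"
    rm -f "$tmp"
}

# Helpers so the outcome of each run can be inspected.
victim_contents() { cat "$VICTIM"; }
reset_victim() {
    printf 'original contents\n' > "$VICTIM"
    rm -f "$FAKE_TMP"/charities.*
}
```

Run it with sh. The hook argument to vuln_fetch makes the race deterministic for the demo; a real attacker simply loops on the predictable name and wins the window often enough. The dangling-symlink variant needs no race: the check passes and the cron job creates the attacker's chosen file. mktemp closes both holes because the kernel creates the file atomically with O_EXCL under a name the attacker cannot guess; in gawk the equivalent is to obtain the name from mktemp through a pipe, for example `"mktemp /tmp/charities.XXXXXX" | getline tmp`, rather than building it from the site name.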
Affected Products:
- Steve Sachs Charities.cron 1.0.2
- Steve Sachs Charities.cron 1.1.1
- Steve Sachs Charities.cron 1.5.0.0
- Steve Sachs Charities.cron 1.6.0.0
References:
- Steve Sachs: Charities.cron Homepage