Title: Sun Cobalt RaQ Predictable Temporary Filename Symbolic Link Attack Vulnerability
Severity: HIGH
Description:
Cobalt RaQ is a server appliance for Internet-based services. It is distributed and maintained by Sun Microsystems.
A vulnerability has been reported in Cobalt RaQ that may allow attackers to obtain elevated privileges. The vulnerability exists in the /usr/lib/authenticate utility, which is used by Apache for authentication purposes. Reportedly, the utility creates temporary files with predictable names and world-writeable permissions.
The /usr/lib/authenticate utility creates a temporary file called 'gmon.out' in the temporary directory.
An attacker can exploit this vulnerability to create files on the filesystem with world-writeable permissions. This vulnerability is further exacerbated by the fact that /usr/lib/authenticate is a setuid root binary.
This vulnerability was reported for the Apache web server distributed with Cobalt RaQ 4.0. It is not known whether other versions of Cobalt RaQ are vulnerable to this issue.
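The flaw described above is a privileged program creating a file at a fixed, guessable name in a shared directory with world-writeable permissions. The C program below is an added example, not code from this advisory or from Cobalt RaQ, showing the hardened creation patterns and a self-check that a pre-existing link at the fixed name is refused; the function names and the /tmp scratch directory are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fixed name (e.g. "gmon.out"): O_EXCL makes open() fail if anything already
 * exists at the path, symlinks included, so a pre-existing link is never
 * followed. Mode 0600 replaces the world-writeable permissions. */
int open_fixed_name_safely(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed self-check in a scratch directory. Returns 0 when all hold,
 * else a bitmask: 1 = link was opened, 2 = link target was created,
 * 4 = fresh fixed-name file not 0600, 8 = mkstemp() file not 0600. */
int symlink_selfcheck(void)
{
    char dir[] = "/tmp/raqdemoXXXXXX", lnk[64], victim[64], tmpl[64];
    struct stat st;
    int bad = 0, fd;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(lnk, sizeof lnk, "%s/gmon.out", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmpl, sizeof tmpl, "%s/authXXXXXX", dir);
    if (symlink(victim, lnk) != 0) { rmdir(dir); return -1; }

    fd = open_fixed_name_safely(lnk);          /* link present: must be refused */
    if (fd >= 0) { bad |= 1; close(fd); }
    if (lstat(victim, &st) == 0) { bad |= 2; unlink(victim); }
    unlink(lnk);

    fd = open_fixed_name_safely(lnk);          /* path now free: created 0600 */
    if (fd < 0 || fstat(fd, &st) != 0 || (st.st_mode & 0777) != 0600) bad |= 4;
    if (fd >= 0) { close(fd); unlink(lnk); }

    fd = mkstemp(tmpl);                        /* preferred: unpredictable name */
    if (fd < 0 || fstat(fd, &st) != 0 || (st.st_mode & 0777) != 0600) bad |= 8;
    if (fd >= 0) { close(fd); unlink(tmpl); }

    rmdir(dir);
    return bad;
}

int main(void) { printf("selfcheck = %d\n", symlink_selfcheck()); return 0; }
```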
Affected Products:
- Cobalt RaQ 4.0.0
References:
- Sun Microsystems: Server Appliances