Title: Eric Raymond cstrings tempnam() Insecure Temporary File Creation Vulnerability
Severity: LOW
Description:
cstrings is a program for internationalizing C source files. It is maintained by Eric Raymond and intended for use on Linux/Unix platforms.
cstrings creates temporary files in an insecure manner. The source of this issue is use of the tempnam() function in vulnerable versions when creating temporary files (in preference of the mkstemp() function). As a result, when temporary files are created, a race condition exists between the moment the file's existence is checked and the moment the file is opened. This could grant an attacker a window of opportunity to create a symbolic link in place of the temporary file.
An attacker could leverage this issue by creating a malicious symbolic link (using the name of the temporary file) that points to another file that is owned by the user who is expected to run with software. This could theoretically lead to file corruption, most likely resulting in destruction of data and denial of service.
The vendor addressed this issue by switching to the mkstemp() function when creating temporary files. mkstemp() also creates the temporary file with safer permissions (mode 0600).
Affected Products:
- Eric Raymond cstrings 2.2.0
References:
- Eric S. Raymond: cstrings Changelog
- Eric S. Raymond: cstrings Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
