Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security SecProg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Insecure temp file creation fix - peer review please

from [Derek Fountain] Network Security [Permanent Link]
Subject: Insecure temp file creation fix - peer review please
Date: Thu, 26 Aug 2004 15:42:28 +0800 
A few days back I noticed that the /usr/bin/asciiview script from the 
aalib-1.4.0-275 package in SUSE-9.1 used insecure temp file creation. The 
exploit is trivial and allows an attacker to cause a victim to overwrite any 
of the victim's files. I've reported this to SUSE.

The project over at Sourceforge (http://aa-project.sourceforge.net) appears to 
be dead, having had no update for 3 years. Emails to the two maintainers (at 
least the email addresses found in the SUSE RPM information) came bouncing 
back. So I thought I'd fix the bug myself... :) Since the script is small, I 
can post it here - see below. Perhaps someone with a bit more experience at 
this sort of thing can have a look at it to see if I've done it properly?

If my fix checks out I'll post it on the Sourceforge project page, although 
whether anything good will actually become of it is anyone's guess...



#!/bin/bash
# asciiview - an ascii art image browser script. Front end for aview/aaflip


TDIR=${TMPDIR:-/tmp}/aview_$$
FIFO=$TDIR/aview$$.pgm

clear()
{
  kill $! 2>/dev/null
  rm -f $FIFO 2>/dev/null
  rmdir $TDIR 2>/dev/null
}
myconvert()
{
   if anytopnm $1 >$FIFO 2>/dev/null ; then
     exit
   elif convert -colorspace gray $1 pgm:- 2>/dev/null ; then
     exit
   fi
   echo "Failed to convert file format to PNM by both convert and anytopnm" 

&2

   while true; do
     echo "0 "
   done
}
filenames=""
options=""
if [ "$1" = "" ]; then
  echo "$0 - an ascii art image/animation browser.

  To run this script you need aview, aaflip and NetPBM or ImageMagick.
  You may browse any graphics format supported by NetPBM or ImageMagick
  and .fli/.flc files.

  Usage:
   $0 [options] [filenames]

  type aview --help [enter] for list of options.
  "
  exit 1
fi
while [ "$1" != "" ]; do
  case $1 in
    "-font" | "-driver" | "-kbddriver" | "-mousedriver" | "-*width" | 
"-*height" | "-bright" | "-contrast" | "-gamma" |
"-random" | "-dimmul" | "-boldmul")
      options="$options $1 $2"
      shift
      shift
      ;;
    -*)
      options="$options $1"
      shift
      ;;
    *)
      filenames="$filenames $1"
      shift
      ;;
  esac
done

trap clear 0
(umask 077 && mkdir $TDIR) || {
    echo "Unable to create temp directory $TDIR"
    exit 1
}
mkfifo $FIFO || {
    echo "Unable to create FIFO $FIFO"
    exit 1
}
for name in $filenames ; do
if test -r $name ; then
case $name in
*.fli | *.lfc | *.flic )
  PATH="$PATH:."
  aaflip $options $name
  ;;
*)
  myconvert $name >$FIFO &
  pid=$!
  PATH="$PATH:."
  aview  $options $FIFO
  kill $pid 2>/dev/null
esac
else
  echo "$name could not be opened"
fi
done
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Insecure temp file creation fix - peer review please, Derek Fountain <=
Previous by Date:  Forwarding Windows credentials for a client/server application, Brian Erdelyi
Previous by Thread:  Forwarding Windows credentials for a client/server application, Brian Erdelyi
Indexes:  [Date] [Thread] [Top] [All Lists]