Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security SecProg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Insecure temp file creation fix - peer review please

from [Erwan Legrand] Network Security [Permanent Link]
Subject: Re: Insecure temp file creation fix - peer review please
Date: Wed, 06 Oct 2004 12:14:03 +0200 
Derek Fountain wrote:

A few days back I noticed that the /usr/bin/asciiview script from the aalib-1.4.0-275 package in SUSE-9.1 used insecure temp file creation. The exploit is trivial and allows an attacker to cause a victim to overwrite any of the victim's files. I've reported this to SUSE.

The project over at Sourceforge (http://aa-project.sourceforge.net) appears to be dead, having had no update for 3 years. Emails to the two maintainers (at least the email addresses found in the SUSE RPM information) came bouncing back. So I thought I'd fix the bug myself... :) Since the script is small, I can post it here - see below. Perhaps someone with a bit more experience at this sort of thing can have a look at it to see if I've done it properly?

If my fix checks out I'll post it on the Sourceforge project page, although whether anything good will actually become of it is anyone's guess...



Hi Derek,

your message is quite old, but I could not find any reply to it on the list. The way you create the temporary directory will effectively prevent against the exploit you describe.

--
Erwan Legrand
Information Security Consultant
elegrand@denyall.com

Tel : +33 (0)1 40 07 47 28
GSM : +33 (0)6 16 60 26 09
Fax : +33 (0)1 40 07 47 27
Deny All - 5, rue Scribe - 75009 Paris - France
www.denyall.com

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: Insecure temp file creation fix - peer review please, Erwan Legrand <=
Previous by Date:  RE: Charging customers on security, riptide
Next by Date:  RE: Inspecting Code for Security, Yvan Boily
Previous by Thread:  RE: Charging customers on security, Yvan Boily
Next by Thread:  RE: Inspecting Code for Security, Yvan Boily
Indexes:  [Date] [Thread] [Top] [All Lists]