| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <42C8F08D.70308@zataz.net>
Date: Mon Jul 4 10:42:12 2005
From: exploits at zataz.net (ZATAZ Audits)
Subject: log4sh insecure temporary file creation
#########################################################
log4sh insecure temporary file creation
Vendor: http://forestent.com/products/log4sh/
Advisory: http://www.zataz.net/adviso/log4sh-06092005.txt
Vendor informed: yes
Exploit available: no
Impact : low
Exploitation : low
#########################################################
The vulnerabilities are caused due to temporary file being created
insecurely.
This can be exploited via symlink attacks in combination to create and
overwrite
arbitrary files with the privileges of the user running the affected script.
##########
Versions:
##########
log4sh <= 1.2.5
##########
Solution:
##########
Use kernel patch such as grsecurity
#########
Timeline:
#########
Discovered : 2005-05-26
Vendor notified : 2005-06-09
Vendor response : no reponse
Vendor fix : no fix
Vendor Sec report (vendor-sec@....de) : 2005-06-27
Disclosure : 2005-07-04
#####################
Technical details :
#####################
Vulnerable code :
-----------------
356 log4sh_readProperties()
357 {
358 _file=$1
359
360 _tmpFile="/tmp/log4sh.$$"
361 grep "^log4sh\." $_file >$_tmpFile
#########
Related :
#########
Gentoo Bugs report : http://bugs.gentoo.org/show_bug.cgi?id=94069
#####################
Credits :
#####################
Eric Romang (eromang@...az.net - ZATAZ Audit)
Thxs to Gentoo Security Team. (Taviso, jaervosz, solar, tigger, etc.)
Powered by blists - more mailing lists