oss-sec mailing list archives
Re: CVE Request -- atop: Symlink attacks via process accounting file
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Tue, 19 Apr 2011 18:20:35 +0200
Jan Lieskovsky wrote:
Hello Josh, Steve, vendors,atop v1.23 and earlier created process accounting file (/tmp/atop.d/atop.acct)in an insecure way. A local attacker could use this flaw to conduct symlink attacks (e.g. overwrite arbitrary system files).
Looked more into this issue and seems it may not be possible to misuse this issue. The steps are below: tmp]# mkdir /etc/hello tmp]# ln -s /etc/hello atop.d tmp]# service atop start Starting atop: [ OK ] But atop detects the /tmp/atop.d directory already exists (/var/log/atop/atop.log contains): warning: no process exit detection (can not create directory /tmp/atop.d) So doesn't seem to be exploitable => taking the CVE request back, no CVE needed. Should have checked this earlier, sorry for the noise. Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
References: [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622794 [2] http://secunia.com/advisories/44175/ [3] https://bugzilla.redhat.com/show_bug.cgi?id=697848 Could you allocate a CVE id for this? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- atop: Symlink attacks via process accounting file Jan Lieskovsky (Apr 19)
- Re: CVE Request -- atop: Symlink attacks via process accounting file Jan Lieskovsky (Apr 19)