The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
ARC Insecure Temporary File Creation
------------------------------------------------------------------------
SUMMARY
<http://sourceforge.net/projects/arc/> ARC is "used to create and
maintain file archives. An archive is a group of files collected together
into one file in such a way that the individual files may be recovered
intact".
A vulnerability in ARC is caused by a temporary file being created
insecurely. The temporary file used for archive creation could be read by
untrusted users.
DETAILS
Vulnerable Systems:
* ARC versions 5.21j and prior.
Vulnerable code:
arc.c :
        /* see where temp files go */
    #if !_MTS
        arctemp = calloc(1, STRLEN);
        /* ARCTEMP takes precedence over TMPDIR */
        if (!(arctemp2 = envfind("ARCTEMP")))
            arctemp2 = envfind("TMPDIR");
        if (arctemp2) {
            strcpy(arctemp, arctemp2);
            n = strlen(arctemp);
            /* make sure the directory name ends with CUTOFF */
            if (arctemp[n - 1] != CUTOFF)
                arctemp[n] = CUTOFF;
        }
    #if UNIX
        /* neither variable is set: fall back to the shared /tmp/ */
        else strcpy(arctemp, "/tmp/");
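A hardened counterpart to the excerpt above, as an added example that is not ARC's code or its fix: it keeps the ARCTEMP, TMPDIR, /tmp lookup order, bounds the path, and creates the file with mkstemp() under a restrictive umask so other local users cannot read it. The "arcXXXXXX" template and the function names are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkstemp(), fstat() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>               /* close(), unlink() for callers */

#define TEMPLATE "arcXXXXXX"      /* assumed name; not taken from ARC */

/* Build "<dir>/arcXXXXXX" in out. Returns 0, or -1 if it does not fit. */
int temp_template(const char *dir, char *out, size_t outlen)
{
    size_t n;
    int w;
    if (dir == NULL || *dir == '\0')
        dir = "/tmp";
    n = strlen(dir);
    /* Bounded formatting: an over-long directory is rejected, not truncated. */
    w = snprintf(out, outlen, "%s%s%s", dir,
                 dir[n - 1] == '/' ? "" : "/", TEMPLATE);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}

/* Lookup order as in the excerpt: ARCTEMP, TMPDIR, /tmp. Returns fd or -1. */
int open_private_temp(char *out, size_t outlen)
{
    const char *dir = getenv("ARCTEMP");
    mode_t old;
    int fd;

    if (dir == NULL)
        dir = getenv("TMPDIR");
    if (temp_template(dir, out, outlen) != 0)
        return -1;
    old = umask(077);   /* no group/other bits, whatever the caller's umask */
    fd = mkstemp(out);  /* unique name, opened with O_CREAT | O_EXCL */
    umask(old);
    return fd;
}

/* Permission bits of an open descriptor, or -1 on error. */
int fd_mode(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}
```

Callers should keep using the returned descriptor instead of reopening the path by name, and unlink the file when the archive operation finishes.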