
CERT Coordination Center

getty_ps creates temporary files insecurely

Vulnerability Note VU#342768

Original Release Date: 2001-10-01 | Last Revised: 2004-07-28

Overview

getty_ps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via a symbolic link attack.

Description

Under certain circumstances, getty_ps will create files in the /tmp file system in an insecure manner. The program uses a naming scheme that could make it possible to guess the file name of future files in the /tmp directory, and does not check for the existence of the file before attempting to create it.

Impact

By creating symbolic links in /tmp with appropriate names, an attacker could cause getty_ps to overwrite files writable by the effective UID of this package. Since this package is normally run as root, any file on the system could thus be corrupted.
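The following C sketch is an added example, not code from getty_ps or its vendor patches. It contrasts the create-without-checking pattern described above with an exclusive create, run against a symlink planted in a private scratch directory; the file names (getty.tmp, important) and function names are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the note describes: fixed name, no existence check. open()
 * follows a symlink planted at `path` and truncates whatever it points to. */
int open_tmp_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if anything, including a
 * symlink, already exists at `path`, so the link is never followed. */
int open_tmp_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred when the name need not be fixed: mkstemp() picks an
 * unpredictable suffix and creates the file exclusively with mode 0600. */
int open_tmp_random(char *tmpl) { return mkstemp(tmpl); }

/* Plants a symlink at a fixed name inside a private scratch directory and
 * returns the size of the file it points to after `opener` has run
 * (5 = untouched, 0 = truncated, -1 = setup error). Names are constructed. */
long target_size_after(int (*opener)(const char *)) {
    char dir[] = "/tmp/vu342768-demo-XXXXXX";
    char target[64], link_path[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/important", dir);
    snprintf(link_path, sizeof link_path, "%s/getty.tmp", dir);
    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "data\n", 5) != 5) return -1;
    close(fd);
    if (symlink(target, link_path) != 0) return -1;
    fd = opener(link_path);              /* the temp-file creation under test */
    if (fd >= 0) close(fd);
    long size = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(link_path); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    printf("unsafe open: target size %ld\n", target_size_after(open_tmp_unsafe));
    printf("O_EXCL open: target size %ld\n", target_size_after(open_tmp_excl));
    return 0;
}
```

A privileged program that must use a fixed name should also treat the EEXIST failure as an error to log and abort on, rather than unlinking and retrying.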

Solution

Apply vendor patches; see the Systems Affected section below.

Vendor Information


Acknowledgements

This vulnerability was first reported by Greg Kroah-Hartman.

This document was written by Tim Shimeall.

Other Information

CVE IDs: CVE-2001-0119
Severity Metric: 5.63
Date Public: 2001-01-10
Date First Published: 2001-10-01
Date Last Updated: 2004-07-28 15:31 UTC
Document Revision: 16

Sponsored by CISA.