Overview
getty_ps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack.
Description
Under certain circumstances, getty_ps will create files in the /tmp file system in an insecure manner. The program uses a naming scheme that could make it possible to guess the file name of future files in the /tmp directory, and does not check for the existence of the file before attempting to create it. |
Impact
By creating symbolic links in /tmp with appropriate names, an attacker could cause getty_ps to overwrite files writeable by the effective UID of this package. Since this package is normally run as root, any file on the system could be thus corrupted. |
Solution
Apply vendor patches; see the Systems Affected section below. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was first reported by Greg Kroah-Hartman.
This document was written by Tim Shimeall.
Other Information
| CVE IDs: | CVE-2001-0119 |
| Severity Metric: | 5.63 |
| Date Public: | 2001-01-10 |
| Date First Published: | 2001-10-01 |
| Date Last Updated: | 2004-07-28 15:31 UTC |
| Document Revision: | 16 |