The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[ESA-20010711-01] AllCommerce insecure temporary files


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Wed, 11 Jul 2001 13:40:35 -0400 (EDT)
From: EnGarde Secure Linux <[email protected]>
To: [email protected], [email protected]
Subject: [ESA-20010711-01]  AllCommerce insecure temporary files

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory                   July 11, 2001 |
| http://www.engardelinux.org/                           ESA-20010711-01 |
|                                                                        |
| Package:  AllCommerce                                                  |
| Summary:  AllCommerce creates insecure temporary files.                |
+------------------------------------------------------------------------+

  EnGarde Secure Linux is a secure distribution of Linux that features
  improved access control, host and network intrusion detection, Web
  based secure remote management, complete e-commerce using AllCommerce,
  and integrated open source security tools.


OVERVIEW
- --------
  There is a temporary file creation vulnerability in AllCommerce which
  can allow an attacker to exploit a victim via a symlink attack as the
  'webd' user.


DETAIL
- ------
  Our AllCommerce packages were released with several debugging options
  enabled.  This, unfortunately, leads to the creation of several insecure
  files in the /tmp directory.  These files have predictable names and
  are thus subject to a symlink attack as the 'webd' user.

  Debugging is totally disabled in this update so no files should be
  created in /tmp.  All users are urged to update to this latest package.


SOLUTION
- --------
  All users should upgrade to the most recent version, as outlined in
  this advisory.

  Guardian Digital recently made available the Guardian Digital Secure
  Update, a means to proactively keep systems secure and manage
  system software. EnGarde users can automatically update their system
  using the Guardian Digital WebTool secure interface.

  If choosing to manually upgrade this package, updates can be
  obtained from:

    ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
    http://ftp.engardelinux.org/pub/engarde/stable/updates/

  Before upgrading the package, the machine must either:

    a) be booted into a "standard" kernel; or
    b) have LIDS disabled.

  To disable LIDS, execute the command:

    # /sbin/lidsadm -S -- -LIDS_GLOBAL

  To install the updated package, execute the command:

    # rpm -Uvh <filename>

  To re-enable LIDS (if it was disabled), execute the command:

    # /sbin/lidsadm -S -- +LIDS_GLOBAL

  To verify the signature of the updated packages, execute the command:

    # rpm -Kv <filename>


UPDATED PACKAGES
- ----------------
  These updated packages are for EnGarde Secure Linux 1.0.1 (Finestra).

  Source Packages:

    SRPMS/AllCommerce-1.0.4.1-1.0.25.src.rpm
      MD5 Sum:  7d4a528a1c72fbf11ffa6279db0122d2

  Binary Packages:

    noarch/AllCommerce-1.0.4.1-1.0.25.noarch.rpm
      MD5 Sum:  9f60b894068f946757b6ca127672b3d9


REFERENCES
- ----------

  Guardian Digital's public key:
    http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

  Credit for the discovery of this bug goes to:
    Ryan W. Maple <[email protected]>

  AllCommerce's Official Web Site:
    http://allcommerce.sourceforge.net/

  Security Contact:    [email protected]
  EnGarde Advisories:  http://www.engardelinux.org/advisories.html

- --------------------------------------------------------------------------
$Id: ESA-20010711-01-AllCommerce,v 1.7 2001/07/11 16:56:28 rwm Exp $
- --------------------------------------------------------------------------
Author: Ryan W. Maple, <[email protected]> 
Copyright 2001, Guardian Digital, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7TI+bHD5cqd57fu0RAp88AKCKaxiAXzAF9IMeAJtknXk7VtFxRACfdyUc
2vFMXGGE+g9+vJrOEfUXd/A=
=iYn/
-----END PGP SIGNATURE-----

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру