---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Pine rpdump File Creation Race Condition Vulnerability SECUNIA ADVISORY ID: SA14899 VERIFY ADVISORY: http://secunia.com/advisories/14899/ CRITICAL: Not critical IMPACT: Manipulation of data WHERE: Local system SOFTWARE: Pine 4.x http://secunia.com/product/710/ DESCRIPTION: Imran Ghory has reported a vulnerability in Pine, which potentially can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. The vulnerability is caused due to a race condition in the rpdump utility when creating files. The problem is that there is a larger gap between the time that a check is made to determine whether a local file exists and the time that the file is created. This can be exploited via symlink attacks to overwrite arbitrary files with the privileges of the user running the vulnerable program. Successful exploitation requires write permissions to the directory, which rpdump creates the local file in. The vulnerability has been reported in Pine 4.62. Other versions may also be affected. SOLUTION: Ensure that only the user has write permissions to the directory used for creating the file with rpdump. PROVIDED AND/OR DISCOVERED BY: Imran Ghory ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------