thr3ads.net - Secure testing team - [Secure-testing-team] Bug#622794: atop: vulnerable to symlink attack via insecure /tmp directory or file [Apr 2011]

If this information is useful, please help other people find it:
Share via:

Teodor

2011-Apr-14 17:51 UTC

[Secure-testing-team] Bug#622794: atop: vulnerable to symlink attack via insecure /tmp directory or file

Package: atop
Version: 1.23-1
Severity: grave
Tags: security
Justification: user security hole

Hi,

I''ve just noticed that atop keeps the runtime data in /tmp/atop*
directories
or files (mentioned on man page too). I think it was established from a 
discussion on debian-devel at l.d.o that this is potentially a security
vulnerability. Probably it should keep its temporary runtime data in its own
directory under /var/run (or /run for next release).

Please consider to backport the fix for ''stable'' too.

Thanks

-- System Information:
Debian Release: 6.0.1
  APT prefers stable-updates
  APT policy: (500, ''stable-updates''), (500,
''proposed-updates''), (500, ''stable'')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages atop depends on:
ii  libc6                   2.11.2-10        Embedded GNU C Library: Shared lib
ii  libncurses5             5.7+20100313-5   shared libraries for terminal hand
ii  logrotate               3.7.8-6          Log rotation utility
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

atop recommends no packages.

atop suggests no packages.

-- no debconf information

Secure testing team - Apr 2011 - Bug#622794: atop: vulnerable to symlink attack via insecure /tmp directory or file

[Secure-testing-team] Bug#622794: atop: vulnerable to symlink attack via insecure /tmp directory or file