Bug 697848 - atop: Symlink attacks via process accounting file
Summary: atop: Symlink attacks via process accounting file
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 697851 697852 697853
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-04-19 12:53 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:44 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2011-04-19 16:20:31 UTC
Embargoed:

Attachments (Terms of Use)

Description Jan Lieskovsky 2011-04-19 12:53:55 UTC 
atop v1.23 and earlier created process accounting file (/tmp/atop.d/atop.acct)
in an insecure way. A local attacker could use this flaw to conduct symlink
attacks (e.g. overwrite arbitrary system files).

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622794
[2] http://secunia.com/advisories/44175/
Comment 1 Jan Lieskovsky 2011-04-19 13:00:01 UTC 
This issue affects the versions of the atop package, as shipped
with Fedora release of 13 and 14.

This issue affects the versions of the atop package, as present
within EPEL-4 and EPEL-5 repositories.

Please schedule an update once final upstream patch ready / known.
Comment 2 Jan Lieskovsky 2011-04-19 13:01:28 UTC 
CVE Request:
[3] http://www.openwall.com/lists/oss-security/2011/04/19/2
Comment 3 Jan Lieskovsky 2011-04-19 13:03:26 UTC 
Created atop tracking bugs for this issue

Affects: epel-4 [bug 697851]
Affects: epel-5 [bug 697852]
Affects: fedora-all [bug 697853]
Comment 4 Jan Lieskovsky 2011-04-19 16:20:31 UTC 
Closing as not an issue due this:
[4] http://www.openwall.com/lists/oss-security/2011/04/19/3
Note You need to log in before you can comment on or make changes to this bug.